CVE-2026-3356
Authentication Bypass in MS27102A Remote Spectrum Monitor Allows Unauthorized Access
Publication date: 2026-03-31
Last updated on: 2026-03-31
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized users to access and manipulate the management interface of the MS27102A Remote Spectrum Monitor due to an inherent lack of authentication mechanisms.
This unauthorized access could lead to violations of common standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive data.
Because the device cannot enforce authentication, it inherently fails to meet compliance requirements related to access control and data security.
Can you explain this vulnerability to me?
The MS27102A Remote Spectrum Monitor has a vulnerability that allows unauthorized users to bypass authentication and gain access to its management interface.
This vulnerability exists because the device does not have any mechanism to enable or configure authentication, making it a design flaw rather than a deployment mistake.
How can this vulnerability impact me? :
Because unauthorized users can access and manipulate the management interface without authentication, they could potentially control or disrupt the device's operations.
This could lead to unauthorized changes, loss of device integrity, and potentially impact the security and reliability of the systems relying on this device.