CVE-2026-3356
Received Received - Intake
Authentication Bypass in MS27102A Remote Spectrum Monitor Allows Unauthorized Access

Publication date: 2026-03-31

Last updated on: 2026-03-31

Assigner: ICS-CERT

Description
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-31
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3356
EUVD
EUVD-2026-17585
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The MS27102A Remote Spectrum Monitor has a vulnerability that allows unauthorized users to bypass authentication and gain access to its management interface.

This vulnerability exists because the device does not have any mechanism to enable or configure authentication, making it a design flaw rather than a deployment mistake.

Impact Analysis

Because unauthorized users can access and manipulate the management interface without authentication, they could potentially control or disrupt the device's operations.

This could lead to unauthorized changes, loss of device integrity, and potentially impact the security and reliability of the systems relying on this device.

Compliance Impact

The vulnerability allows unauthorized users to access and manipulate the management interface of the MS27102A Remote Spectrum Monitor due to an inherent lack of authentication mechanisms.

This unauthorized access could lead to violations of common standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Because the device cannot enforce authentication, it inherently fails to meet compliance requirements related to access control and data security.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3356. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart