Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for Remote Spectrum Monitor MS27100A by Anritsu
CVE-2026-3356 (GCVE-0-2026-3356)
Vulnerability from nvd – Published: 2026-03-31 18:40 – Updated: 2026-04-01 13:43
VLAI?
Title
Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
Summary
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
Severity ?
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anritsu | Remote Spectrum Monitor MS27100A |
Affected:
All versions
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Souvik Kandar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:43:38.631220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:43:44.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27100A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27101A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27102A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27103A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:40:17.359Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\u003cbr\u003e\n\u003cbr\u003eUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\n\n\nUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-3356",
"datePublished": "2026-03-31T18:40:17.359Z",
"dateReserved": "2026-02-27T18:08:31.007Z",
"dateUpdated": "2026-04-01T13:43:44.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3356 (GCVE-0-2026-3356)
Vulnerability from cvelistv5 – Published: 2026-03-31 18:40 – Updated: 2026-04-01 13:43
VLAI?
Title
Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
Summary
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
Severity ?
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Anritsu | Remote Spectrum Monitor MS27100A |
Affected:
All versions
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Souvik Kandar
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:43:38.631220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:43:44.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27100A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27101A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27102A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27103A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:40:17.359Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\u003cbr\u003e\n\u003cbr\u003eUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\n\n\nUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-3356",
"datePublished": "2026-03-31T18:40:17.359Z",
"dateReserved": "2026-02-27T18:08:31.007Z",
"dateUpdated": "2026-04-01T13:43:44.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}