Search criteria
2 vulnerabilities found for Remote Spectrum Monitor MS27102A by Anritsu
CVE-2026-3356 (GCVE-0-2026-3356)
Vulnerability from nvd – Published: 2026-03-31 18:40 – Updated: 2026-04-01 13:43
VLAI
Title
Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
Summary
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anritsu | Remote Spectrum Monitor MS27100A |
Affected:
All versions
(custom)
|
|
| Anritsu | Remote Spectrum Monitor MS27101A |
Affected:
All versions
(custom)
|
|
| Anritsu | Remote Spectrum Monitor MS27102A |
Affected:
All versions
(custom)
|
|
| Anritsu | Remote Spectrum Monitor MS27103A |
Affected:
All versions
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:43:38.631220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:43:44.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27100A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27101A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27102A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27103A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:40:17.359Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\u003cbr\u003e\n\u003cbr\u003eUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\n\n\nUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-3356",
"datePublished": "2026-03-31T18:40:17.359Z",
"dateReserved": "2026-02-27T18:08:31.007Z",
"dateUpdated": "2026-04-01T13:43:44.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3356 (GCVE-0-2026-3356)
Vulnerability from cvelistv5 – Published: 2026-03-31 18:40 – Updated: 2026-04-01 13:43
VLAI
Title
Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor
Summary
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Anritsu | Remote Spectrum Monitor MS27100A |
Affected:
All versions
(custom)
|
|
| Anritsu | Remote Spectrum Monitor MS27101A |
Affected:
All versions
(custom)
|
|
| Anritsu | Remote Spectrum Monitor MS27102A |
Affected:
All versions
(custom)
|
|
| Anritsu | Remote Spectrum Monitor MS27103A |
Affected:
All versions
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:43:38.631220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:43:44.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27100A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27101A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27102A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Remote Spectrum Monitor MS27103A",
"vendor": "Anritsu",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Souvik Kandar"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T18:40:17.359Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\u003cbr\u003e\n\u003cbr\u003eUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"value": "Anritsu has no plans to fix this issue. Anritsu recommends that users deploy Remote Spectrum Monitor within secure network environments to mitigate potential risks.\n\n\n\nUsers can contact Anritsu Technical Support (1-800-267-4878) for more information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-3356",
"datePublished": "2026-03-31T18:40:17.359Z",
"dateReserved": "2026-02-27T18:08:31.007Z",
"dateUpdated": "2026-04-01T13:43:44.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}