Refine your search
1 vulnerability found for OpenBlocks IX9 models with FW (FW5.0.x) by Plat'Home Co.,Ltd.
CVE-2026-21411 (GCVE-0-2026-21411)
Vulnerability from cvelistv5
Published
2026-01-06 06:34
Modified
2026-01-06 14:49
Severity ?
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Plat'Home Co.,Ltd. | OpenBlocks IoT DX1 (FW5.0.x) |
Version: all versions prior to FW5.0.8 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:47:57.055920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:49:01.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenBlocks IoT DX1 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IoT EX/BX models (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IX9 models with FW (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IoT VX2 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IDM RX1 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IoT FX1 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T06:34:11.329Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97172240/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21411",
"datePublished": "2026-01-06T06:34:11.329Z",
"dateReserved": "2026-01-05T02:44:14.797Z",
"dateUpdated": "2026-01-06T14:49:01.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}