CVE-2026-21411 (GCVE-0-2026-21411)
Vulnerability from cvelistv5
Published
2026-01-06 06:34
Modified
2026-01-06 14:49
Severity ?
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Plat'Home Co.,Ltd. | OpenBlocks IoT DX1 (FW5.0.x) |
Version: all versions prior to FW5.0.8 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T14:47:57.055920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T14:49:01.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OpenBlocks IoT DX1 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IoT EX/BX models (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IX9 models with FW (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IoT VX2 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IDM RX1 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
},
{
"product": "OpenBlocks IoT FX1 (FW5.0.x)",
"vendor": "Plat\u0027Home Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "all versions prior to FW5.0.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "Authentication Bypass Using an Alternate Path or Channel",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T06:34:11.329Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU97172240/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-21411",
"datePublished": "2026-01-06T06:34:11.329Z",
"dateReserved": "2026-01-05T02:44:14.797Z",
"dateUpdated": "2026-01-06T14:49:01.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21411\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-06T14:47:57.055920Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-06T14:48:03.722Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Plat\u0027Home Co.,Ltd.\", \"product\": \"OpenBlocks IoT DX1 (FW5.0.x)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions prior to FW5.0.8\"}]}, {\"vendor\": \"Plat\u0027Home Co.,Ltd.\", \"product\": \"OpenBlocks IoT EX/BX models (FW5.0.x)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions prior to FW5.0.8\"}]}, {\"vendor\": \"Plat\u0027Home Co.,Ltd.\", \"product\": \"OpenBlocks IX9 models with FW (FW5.0.x)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions prior to FW5.0.8\"}]}, {\"vendor\": \"Plat\u0027Home Co.,Ltd.\", \"product\": \"OpenBlocks IoT VX2 (FW5.0.x)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions prior to FW5.0.8\"}]}, {\"vendor\": \"Plat\u0027Home Co.,Ltd.\", \"product\": \"OpenBlocks IDM RX1 (FW5.0.x)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions prior to FW5.0.8\"}]}, {\"vendor\": \"Plat\u0027Home Co.,Ltd.\", \"product\": \"OpenBlocks IoT FX1 (FW5.0.x)\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions prior to FW5.0.8\"}]}], \"references\": [{\"url\": \"https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8/\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU97172240/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-288\", \"description\": \"Authentication Bypass Using an Alternate Path or Channel\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2026-01-06T06:34:11.329Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21411\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-06T14:49:01.813Z\", \"dateReserved\": \"2026-01-05T02:44:14.797Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2026-01-06T06:34:11.329Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…