{"cve":{"cve_id":"CVE-2026-3356","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00387,"epss_percentile":0.30376,"epss_as_of":"2026-06-23","description":"The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.","published_at":"2026-03-31T18:40:17.359000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":9.3,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"CRITICAL","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-306"],"nvd_references":["https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:54.588886Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"anritsu","vendor_name":"Anritsu","product_slug":"remote-spectrum-monitor-ms27100a","product_name":"Remote Spectrum Monitor MS27100A","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:anritsu:remote-spectrum-monitor-ms27100a:All versions:All versions"},{"vendor_slug":"anritsu","vendor_name":"Anritsu","product_slug":"remote-spectrum-monitor-ms27101a","product_name":"Remote Spectrum Monitor MS27101A","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:anritsu:remote-spectrum-monitor-ms27101a:All versions:All versions"},{"vendor_slug":"anritsu","vendor_name":"Anritsu","product_slug":"remote-spectrum-monitor-ms27102a","product_name":"Remote Spectrum Monitor MS27102A","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:anritsu:remote-spectrum-monitor-ms27102a:All versions:All versions"},{"vendor_slug":"anritsu","vendor_name":"Anritsu","product_slug":"remote-spectrum-monitor-ms27103a","product_name":"Remote Spectrum Monitor MS27103A","version_start":"All versions","version_start_inclusive":true,"version_end":"All versions","version_end_inclusive":true,"cpe23_uri":"cve5:anritsu:remote-spectrum-monitor-ms27103a:All versions:All versions"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-03-31T18:40:17.359000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:53:43.918028Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:43.918028Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:43.918028Z","label":"CVSS score revised","source":"cvelistv5"}]}