Impact
ELECOM wireless LAN access points use a fixed cryptographic key when creating backup configuration files. An attacker who discovers this key can modify the backup file, after which the compromised configuration may be loaded by an administrator. The result is unauthorized changes to network settings, potentially exposing the network or enabling further malicious activity. The flaw affects the integrity of critical device configuration data.
Affected Systems
Affected devices include ELECOM wireless LAN access points: WRC‑X1800GS‑B, WRC‑X1800GSA‑B, WRC‑X1800GSH‑B, WRC‑X3000GS2‑B, WRC‑X3000GS2‑W, WRC‑X3000GS2A‑B, WRC‑X3000GST2‑B, WRC‑X6000QS‑G, WRC‑X6000QSA‑G, WRC‑X6000XS‑G, WRC‑X6000XST‑G, WRC‑XE5400GS‑G, and WRC‑XE5400GSA‑G. No specific firmware or revision numbers are provided, so all models using the described backup feature are potentially vulnerable.
Risk and Exploitability
The CVSS score of 6.9 indicates a moderate to high severity. EPSS data is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog. The attack path requires an attacker to obtain the hard‑coded key, which could be derived through firmware reverse engineering or other means. With the key in hand, the attacker can tamper with the configuration file and potentially have an administrator unknowingly apply it, leading to persistent misconfiguration of the network device.
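A check an administrator can run before restoring a backup, given here as an added example that is not part of the advisory or of ELECOM's software: because the device's own key is fixed, integrity is anchored instead in an HMAC key that only the administrator holds. The function names, manifest layout, and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def _tag(backup: bytes, admin_key: bytes, model: str) -> str:
    # Bind the model name to the file so a backup sealed for one device
    # cannot be presented as the backup of another.
    msg = model.encode("utf-8") + b"\x00" + backup
    return hmac.new(admin_key, msg, hashlib.sha256).hexdigest()


def seal_backup(backup: bytes, admin_key: bytes, model: str) -> str:
    """Run right after exporting a backup; store the manifest apart from the file."""
    return json.dumps({
        "model": model,
        "size": len(backup),
        "hmac_sha256": _tag(backup, admin_key, model),
    })


def verify_backup(backup: bytes, admin_key: bytes, manifest_json: str) -> bool:
    """Run before restoring; False means the file must not be loaded."""
    try:
        manifest = json.loads(manifest_json)
        model = manifest["model"]
        size = manifest["size"]
        tag = manifest["hmac_sha256"]
    except (ValueError, KeyError, TypeError):
        return False  # malformed or incomplete manifest
    if not isinstance(model, str) or not isinstance(tag, str):
        return False
    if size != len(backup):
        return False
    expected = _tag(backup, admin_key, model)
    # Constant-time comparison of the stored and recomputed tags.
    return hmac.compare_digest(expected.encode(), tag.encode())


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    exported = b"CONSTRUCTED-BACKUP\x00ssid=office"  # constructed sample bytes
    manifest = seal_backup(exported, key, "WRC-X1800GS-B")
    tampered = exported.replace(b"office", b"0ffice")
    print("original verifies:", verify_backup(exported, key, manifest))
    print("tampered verifies:", verify_backup(tampered, key, manifest))
```

The manifest and the HMAC key have to be stored separately from the backup file; anyone who can rewrite both the file and the manifest with the key can pass the check.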