CVE-2026-32326 - Vulnerability Details

- Unauthorized Access to Sharp 5G Routers via Unauthenticated Web APIs

Description

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.

Published: 2026-03-25

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The routers lack authentication for certain web APIs, allowing anyone on the network to retrieve device information without credentials. If the device's administrative password remains set to the factory default, the attacker can gain full administrative control, effectively taking over the device. This issue is classified as an authentication bypass vulnerability (CWE-306).

Affected Systems

Sharp Corporation's 5G Mobile Router SH-U01, Pocket WiFi 5G A503SH, Speed Wi-Fi 5G X01, Wi-Fi STATION SH-52A, Wi-Fi STATION SH-52B, Wi-Fi STATION SH-54C, home 5G HR01, and home 5G HR02 are impacted. Version information is not specified, but all models shipped before the recent advisory are potentially vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium-to-high severity. With no credentials required, an attacker who can reach the device over the network can automatically access the vulnerable endpoints, retrieve configuration data, and, if default credentials are still in use, assume administrative privileges. While the EPSS score is not available and the vulnerability is not listed in KEV, the lack of authentication makes exploitation straightforward and the potential impact significant.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Sharp Corporation

home 5G HR01

affected

Version	Status	Constraints
`38JP_0_490 and earlier`	affected	—

Sharp Corporation

home 5G HR02

affected

Version	Status	Constraints
`S5.A1.00 and earlier`	affected	—

Sharp Corporation

Wi-Fi STATION SH-52A

affected

Version	Status	Constraints
`38JP_2_03J and earlier`	affected	—

Sharp Corporation

Wi-Fi STATION SH-52B

affected

Version	Status	Constraints
`S3.87.15 and earlierr`	affected	—

Sharp Corporation

Wi-Fi STATION SH-54C

affected

Version	Status	Constraints
`S6.64.00 and earlier`	affected	—

Sharp Corporation

5G Mobile Router SH-U01

affected

Version	Status	Constraints
`S4.48.00 and earlier`	affected	—

Sharp Corporation

Pocket WiFi 5G A503SH

affected

Version	Status	Constraints
`S7.41.00 and earlier`	affected	—

Sharp Corporation

Speed Wi-Fi 5G X01

affected

Version	Status	Constraints
`3RJP_2_03I and earlier`	affected	—

No data.

Vendor Product Confidence Versions

Sharp

5g Mobile Router Sh-u01

100%

Version	Status	Scheme	Platform
`[0,S4.48.00]`	affected	generic	—

Sharp

Home 5g Hr01

100%

Version	Status	Scheme	Platform
`[0,38JP_0_490]`	affected	generic	—

Sharp

Home 5g Hr02

100%

Version	Status	Scheme	Platform
`[0,S5.A1.00]`	affected	generic	—

Sharp

Pocket Wifi 5g A503sh

100%

Version	Status	Scheme	Platform
`[0,S7.41.00]`	affected	generic	—

Sharp

Speed Wi-fi 5g X01

100%

Version	Status	Scheme	Platform
`[0,3RJP_2_03I]`	affected	generic	—

Sharp

Wi-fi Station Sh-52a

100%

Version	Status	Scheme	Platform
`[0,38JP_2_03J]`	affected	generic	—

Sharp

Wi-fi Station Sh-52b

100%

Version	Status	Scheme	Platform
`[0,S3.87.15]`	affected	generic	—

Sharp

Wi-fi Station Sh-54c

100%

Version	Status	Scheme	Platform
`[0,S6.64.00]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update provided by Sharp to remediate the authentication bypass.
Change the default administrative password to a strong, unique password.
If remote management is unnecessary, disable remote access or block traffic to the affected web API ports.
Monitor the device logs for any unauthorized access attempts and review network traffic for anomalous activity.

Generated by OpenCVE AI on March 25, 2026 at 09:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://global.sharp/corporate/info/product-security/advisory-list/2026-002/
https://jvn.jp/en/jp/JVN49524110/

History

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Title		Unauthorized Access to Sharp 5G Routers via Unauthenticated Web APIs

Wed, 25 Mar 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 25 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sharp Sharp 5g Mobile Router Sh-u01 Sharp home 5g Hr01 Sharp home 5g Hr02 Sharp pocket Wifi 5g A503sh Sharp speed Wi-fi 5g X01 Sharp wi-fi Station Sh-52a Sharp wi-fi Station Sh-52b Sharp wi-fi Station Sh-54c
Vendors & Products		Sharp Sharp 5g Mobile Router Sh-u01 Sharp home 5g Hr01 Sharp home 5g Hr02 Sharp pocket Wifi 5g A503sh Sharp speed Wi-fi 5g X01 Sharp wi-fi Station Sh-52a Sharp wi-fi Station Sh-52b Sharp wi-fi Station Sh-54c

Wed, 25 Mar 2026 08:00:00 +0000

Type	Values Removed	Values Added
Description		SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.
Weaknesses		CWE-306
References		https://global.sharp/corporate/info/product-security/advisory-list/2026-002/ https://jvn.jp/en/jp/JVN49524110/
Metrics		cvssV3_0 `{'score': 5.7, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Sharp 5g Mobile Router Sh-u01 Home 5g Hr01 Home 5g Hr02 Pocket Wifi 5g A503sh Speed Wi-fi 5g X01 Wi-fi Station Sh-52a Wi-fi Station Sh-52b Wi-fi Station Sh-54c

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2026-03-25T07:38:20.672Z

Updated: 2026-03-25T13:26:49.064Z

Reserved: 2026-03-12T06:43:35.484Z

Link: CVE-2026-32326

Vulnrichment

Updated: 2026-03-25T13:26:45.602Z

NVD

Status : Awaiting Analysis

Published: 2026-03-25T08:16:22.547

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-32326

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T21:15:54Z

Weaknesses

CWE-306

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object