cbcvebase.
CVE-2026-3356
published 2026-03-31

CVE-2026-3356: The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management…

Priority P263 · critical · 9.3 · CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.39% (30.5th percentile)
The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| anritsu | remote_spectrum_monitor_ms27100a | | |
| anritsu | remote_spectrum_monitor_ms27101a | | |
| anritsu | remote_spectrum_monitor_ms27102a | | |
| anritsu | remote_spectrum_monitor_ms27103a | | |

Detection & IOCs (extracted from sources)

  • The affected devices (MS27100A, MS27101A, MS27102A, MS27103A) have no authentication mechanism on their management interface — any unauthenticated network request to the management interface should be treated as suspicious and investigated.
  • Successful exploitation allows attackers to alter operational settings, obtain sensitive signal data, or disrupt device availability — monitor for unexpected configuration changes or unusual data exfiltration from Anritsu Remote Spectrum Monitor devices on the network.
  • There is no patch or fix available — Anritsu has no plans to remediate this vulnerability. The only mitigation is network isolation.
  • The vulnerability is by design, not misconfiguration — the device provides absolutely no mechanism to enable or configure authentication, so there is no hardening option available on the device itself.
  • No known public exploitation has been reported at time of advisory publication, but the CVSS 3.1 score is 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N) — network-accessible instances are trivially exploitable with no privileges or user interaction required.