CVE-2026-3356 CRITICAL

CVE-2026-3356: Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor

Vendor Anritsu
Product Remote Spectrum Monitor MS27100A
Weakness CWE-306 · Missing auth
Published March 31, 2026
Last update April 1, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

Key dates

02Disclosure timeline

March 31, 2026 CVE published
April 1, 2026 Record updated