CVE-2026-3356

Missing Authentication for Critical Function vulnerability in Anritsu Remote Spectrum Monitor

CVSS 9.3 CRITICALEPSS 0.4%CWE-306

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

31 Mar 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The MS27102A Remote Spectrum Monitor is vulnerable to an authentication bypass that allows unauthorized users to access and manipulate its management interface. Because the device provides no mechanism to enable or configure authentication, the issue is inherent to its design rather than a deployment error.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Anritsu · Remote Spectrum Monitor MS27100A Anritsu · Remote Spectrum Monitor MS27101A Anritsu · Remote Spectrum Monitor MS27102A Anritsu · Remote Spectrum Monitor MS27103A

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-090-01