JVNDB-2026-001001

Authentication bypass vulnerability in OpenBlocks series

Overview

The OpenBlocks series provided by Plat'Home Co., Ltd. contains the following vulnerability.
  • Authentication bypass (CWE-288) - CVE-2026-21411
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

Plat'Home Co., Ltd.
  • OpenBlocks IDM RX1 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT DX1 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT EX/BX models (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT FX1 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT VX2 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IX9 models with FW (FW5.0.x) all versions prior to FW5.0.8

Impact

An attacker could bypass administrator authentication and change the password.

Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

Vendor Information

Plat'Home Co., Ltd.

CWE

  1. Authentication Bypass Using an Alternate Path or Channel (CWE-288) [Other]

CVE

  1. CVE-2026-21411

References

  1. JVN : JVNVU#97172240

Revision History

  • [2026/01/07]
      Web page was published