Published:2026/01/06  Last Updated:2026/01/06

JVNVU#97172240
Authentication bypass vulnerability in OpenBlocks series

Overview

OpenBlocks series provided by Plat'Home Co.,Ltd. contains an authentication bypass vulnerability.

Products Affected

  • OpenBlocks IoT DX1 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT EX/BX models (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IX9 models with FW (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT VX2 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IDM RX1 (FW5.0.x) all versions prior to FW5.0.8
  • OpenBlocks IoT FX1 (FW5.0.x) all versions prior to FW5.0.8

Description

OpenBlocks series provided by Plat'Home Co.,Ltd. contains the following vulnerability.

  • Authentication bypass (CWE-288)
    • CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
    • CVE-2026-21411

Impact

An attacker could bypass administrator authentication and change the password.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
Plat'Home Co.,Ltd. Vulnerable 2026/01/06

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2026-21411
JVN iPedia