Command injection

2024-02-2823:15:00

PRIOn knowledge base

www.prio-n.com

command injection

elecom routers

os commands

network-adjacent attacker

administrative privilege

vulnerable products

nvd

8.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.

References

jvn.jp/en/vu/JVNVU99444194/

www.elecom.co.jp/news/security/20240220-01/