Multiple vulnerabilities in ELECOM wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality CWE-912 - CVE-2025-46267 OS command injection in WebGUI CWE-78 - CVE-2025-53472 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC...

CVE-2024-40883

Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...

ELECOM wireless LAN routers security vulnerability

ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM wireless LAN routers that stems from the presence of a cross-site scripting XSS vulnerability that could execute arbitrary script on a web browser...

CVE-2024-22372

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product...

PT-2024-19371 · Elecom · Elecom Wireless Lan Routers

Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers affected versions not specified Description: The issue allows a network-adjacent attacker with administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. This c...

PT-2023-26021 · Elecom · Elecom Wrc-1167Febk-A +11

Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers versions v1.03 and earlier ELECOM WRC-1167GHBK-S versions v1.03 and earlier ELECOM WRC-1167GEBK-S versions v1.03 and earlier ELECOM WRC-1167FEBK-S versions v1.04 and earlier ELECOM WRC-1167GHBK3-A versions v1.24 an...