537 matches found
JVN#24885537: Multiple vulnerabilities in ELECOM wireless LAN routers and access points
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score...
ELECOM WAB-I1750-PS 访问控制错误漏洞
The ELECOM WAB-I1750-PS is a wireless access point from ELECOM Japan. An access control error vulnerability exists in the ELECOM WAB-I1750-PS v1.5.10 and earlier versions, which stems from the lack of an authentication mechanism for the Telnet function in wireless LAN routers and access points,...
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...
CVE-2024-34021
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...
CVE-2024-39607
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...
CVE-2024-34021
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...
CVE-2024-39607
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...
CVE-2024-40883
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc...
CVE-2024-40883
CVE-2024-40883 is a Cross-site request forgery vulnerability in ELECOM wireless LAN routers. The issue occurs when an administrator views a malicious page while logged into affected devices, which may cause unintended actions such as changing login credentials. Connected documents identify affect...
CVE-2024-39607
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...
CVE-2024-39607
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...
CVE-2024-39607
Summary: CVE-2024-39607 is an OS command injection vulnerability in ELECOM wireless LAN routers. A logged-in administrator can send a specially crafted request to execute arbitrary OS commands. The issue is documented for multiple ELECOM models (e.g., WRC‑X1500GS‑B, WRC‑X1500GSA‑B, WRC‑X6000XS‑G,...
CVE-2024-34021
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...
CVE-2024-34021
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution...
CVE-2024-34021
CVE-2024-34021 affects ELECOM wireless LAN routers, enabling Unrestricted Upload of a File with Dangerous Type (CWE-434) by an authenticated administrator, leading to arbitrary OS command execution. Connected sources confirm affected models and that the root cause is file upload with dangerous ty...
PT-2024-25648 · Elecom · Elecom Wireless Lan Routers
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers affected versions not specified Description: The issue allows for the unrestricted upload of files with dangerous types in ELECOM wireless LAN routers. A specially crafted file can be uploaded by a logged-in user...
PT-2024-29127 · Elecom · Elecom Wrc-X1500Gsa-B +1
Name of the Vulnerable Software and Affected Versions: ELECOM WRC-X6000XS-G/WRC-X1500GS-B/WRC-X1500GSA-B versions up to 1.11 Description: A cross-site request forgery issue exists in ELECOM wireless LAN routers. When a user with administrative privileges views a malicious page while logged in to...