PT-2024-28550 · Elecom · Elecom Wireless Lan Routers

Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers affected versions not specified Description: A specially crafted request may be sent to the affected product by a logged-in user with administrative privilege to execute an arbitrary OS command. This issue exists i...

Multiple vulnerabilities in ELECOM wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 CVE-2024-34021 OS Command Injection CWE-78 CVE-2024-39607 Cross-Site Request Forgery CWE-352 CVE-2024-40883 CVE-2024-34021 Toya...

ELECOM WRC-2533GS2V-B、WRC-2533GS2-B和WRC-2533GS2-W 安全漏洞

ELECOM WRC-2533GS2V-B and others are a wireless router from ELECOM Japan. A security vulnerability exists in v1.68 and earlier versions of the ELECOM WRC-2533GS2V-B, WRC-2533GS2-B, and WRC-2533GS2-W. The vulnerability stems from the possibility that a logged-in user with administrative privileges...

ELECOM WRC-X6000XS-G、WRC-X1500GS-B和WRC-X1500GSA-B 安全漏洞

ELECOM WRC-X6000XS-G and others are a wireless router from ELECOM Japan. A security vulnerability exists in the ELECOM WRC-X6000XS-G, WRC-X1500GS-B, WRC-X1500GSA-B v1.11 and earlier versions, which originates from viewing a malicious page while logged in to an affected product with administrative...

JVN#06672778: Multiple vulnerabilities in ELECOM wireless LAN routers

Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type CWE-434 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8 CVE-2024-34021 OS Command Injection CWE-78...

ELECOM WRC-X6000XS-G、WRC-X1500GS-B和WRC-X1500GSA-B 安全漏洞

ELECOM WRC-X6000XS-G and others are a wireless router from ELECOM Japan. A security vulnerability exists in the ELECOM WRC-X6000XS-G, WRC-X1500GS-B, and WRC-X1500GSA-B v1.11 and earlier versions, which stems from the possibility that a logged in user with administrative privileges could send a...

ELECOM wireless LAN routers vulnerable to OS command injection

Overview Wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user who can log in to the product sends a specially crafte...

ELECOM WRC-X5400GS-B和WRC-X5400GSA-B 安全漏洞

The ELECOM WRC-X5400GS-B is a Wi-Fi Gigabit router from ELECOM Japan. A security vulnerability exists in the ELECOM WRC-X5400GS-B v1.0.10 and earlier and WRC-X5400GSA-B v1.0.10 and earlier, which stems from a contained operating system command injection vulnerability...

CVE-2024-29225

ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request...

CVE-2024-26258

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product...

CVE-2024-25568

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...

PT-2024-21010 · Elecom · Wmc-X1800Gst-B +2

Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers versions prior to v1.25 WRC-G01-W versions prior to v1.24 WMC-X1800GST-B versions prior to v1.41 Description: The issue allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending...

Multiple vulnerabilities in ELECOM wireless LAN routers

Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2024-25568 OS Command Injection CWE-78 - CVE-2024-26258 Exposure of Sensitive Information to an Unauthorized Actor CWE-200 - CVE-2024-29225 Chuya...

PT-2024-22821 · Elecom · Elecom Wrc-X3200Gst3-B +1

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-X3200GST3-B versions 1.25 and earlier ELECOM WRC-G01-W versions 1.24 and earlier Description: The issue allows a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending...

PT-2024-21312 · Elecom · Elecom Wrc-X3200Gst3-B +1

Name of the Vulnerable Software and Affected Versions: ELECOM WRC-X3200GST3-B versions 1.25 and earlier ELECOM WRC-G01-W versions 1.24 and earlier Description: The issue allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to...

ELECOM wireless LAN routers 安全漏洞

ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM wireless LAN routers that originates from allowing an attacker to send a crafted request and execute arbitrary operating system commands. The following products and versions are...

ELECOM wireless LAN routers 安全漏洞

ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM wireless LAN routers that stems from the presence of an information disclosure vulnerability. An attacker can exploit this vulnerability by sending a malicious request to steal...

ELECOM wireless LAN routers 安全漏洞

ELECOM wireless LAN routers are a series of routers from ELECOM Japan. A security vulnerability exists in ELECOM wireless LAN routers that originates from allowing an attacker to execute arbitrary operating system commands by sending a crafted request. The following products and versions are...

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...

CVE-2024-23910

Cross-site request forgery CSRF vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B a...