537 matches found
CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B"...
CVE-2024-21798
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B"...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and...
Cross site scripting
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
Command injection
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and...
CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B"...
CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B"...
CVE-2024-25579
CVE-2024-25579 is an OS command injection in ELECOM wireless LAN routers (notably WRC-1167GS2-B/H-B, WRC-2533GS2-B/W/V-B, WRC-X3200GST3-B, WRC-G01-W) that allows a network-adjacent attacker with administrative privileges to run arbitrary OS commands via a crafted request. Affected versions: WRC-1...
CVE-2024-23910
Cross-site request forgery CSRF vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B a...
CVE-2024-23910
Cross-site request forgery CSRF vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B a...
CVE-2024-23910
CVE-2024-23910 describes a CSRF vulnerability in ELECOM wireless LAN routers and repeaters, allowing remote unauthenticated attackers to hijack administrator sessions and perform unintended operations. Affected products include models such as WMC-X1800GST-B and WSC-X1800GS-B (also part of the e-M...
CVE-2024-21798
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
CVE-2024-21798
The CVE-2024-21798 issue affects ELECOM wireless LAN routers and repeater families. A cross-site scripting (XSS) vulnerability can be triggered when a malicious administrative user configures crafted content; when another admin logs in and operates the device, an arbitrary script may execute in t...
CVE-2024-21798
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...
PT-2024-19064 · Elecom · Elecom Wireless Lan Routers
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers affected versions not specified Description: The issue is related to a cross-site scripting vulnerability. It is assumed that a malicious administrative user configures the affected product with specially crafted...
PT-2024-20167 · Elecom · Elecom Wireless Lan Repeater +4
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers and wireless LAN repeater affected versions not specified Description: A cross-site request forgery CSRF issue allows a remote unauthenticated attacker to hijack the authentication of administrators and perform...
PT-2024-21016 · Elecom · Wrc-G01-W +3
Name of the Vulnerable Software and Affected Versions: ELECOM wireless LAN routers versions prior to the following: WRC-1167GS2-B version 1.67 WRC-1167GS2H-B version 1.67 WRC-2533GS2-B version 1.62 WRC-2533GS2-W version 1.62 WRC-2533GS2V-B version 1.62 WRC-X3200GST3-B version 1.25 WRC-G01-W versi...
ELECOM wireless LAN routers vulnerable to OS command injection
Overview Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a logged-in user with an administrative privilege sends a...
Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Overview Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2024-21798 Cross-Site Request Forgery CWE-352 - CVE-2024-23910 CVE-2024-21798 Yamaguchi Kakeru of Fujitsu Limited reported...