537 matches found
CVE-2021-20650
CVE-2021-20650 is a cross-site request forgery (CSRF) vulnerability affecting ELECOM NCC-EWF100RMWH2. The issue allows an attacker to hijack an administrator’s session and issue an arbitrary request, potentially altering device settings and enabling the telnet daemon via an unspecified vector. Pu...
CVE-2021-20650
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...
CVE-2021-20648
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors...
CVE-2021-20649
CVE-2021-20649 is an improper server certificate verification vulnerability (CWE-295) in ELECOM WRC-300FEBK-S. A man-in-the-middle (MITM) attacker can modify the response, potentially allowing arbitrary OS commands to be executed on the device. Affected product in this CVE entry is the WRC-300FEBK-S; impact is confirmed as remote e...
CVE-2021-20648
CVE-2021-20648 affects ELECOM WRC-300FEBK-S: an attacker with administrator rights can execute arbitrary OS commands on the device via unspecified vectors. Public sources confirm the affected product and vulnerability class (OS command injection). No explicit exploit details or vectors are provid...
CVE-2021-20649
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device...
CVE-2021-20647
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...
CVE-2021-20647
CVE-2021-20647 is a CSRF vulnerability in ELECOM WRC-300FEBK-S. The issue allows remote attackers to hijack administrator authentication and issue arbitrary requests, potentially changing device settings or starting a telnet daemon via an unspecified vector. Product: ELECOM WRC-300FEBK-S. Impact ...
CVE-2021-20645
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors...
CVE-2021-20646
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started...
CVE-2021-20645
CVE-2021-20645 refers to a stored cross-site scripting vulnerability in ELECOM WRC-300FEBK-A. Public sources describe that an arbitrary script could be executed in the browser of a logged-in user due to a vulnerability in the web setup page, with impact listed as execution of scripts on the user’...
CVE-2021-20646
CVE-2021-20646 affects ELECOM WRC-300FEBK-A and is a Cross-site Request Forgery (CSRF) vulnerability that can hijack an administrator’s session and cause arbitrary requests to be executed, potentially altering device settings or starting a telnet daemon. The connected documents confirm the vulner...
CVE-2021-20644
CVE-2021-20644 affects ELECOM WRC-1467GHBK-A. The vulnerability arises in the web setup page where displaying a specially crafted SSID can cause arbitrary scripts to execute in a user’s browser (cross-site scripting). The connected documents confirm the affected product and the impact as script e...
CVE-2021-20644
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page...
CVE-2021-20643
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request...
CVE-2021-20643
CVE-2021-20643 affects ELECOM LD-PS/U1 (USB print server). Improper access control lets remote attackers change the administrative password by processing a specially crafted request. Affected product is LD-PS/U1; vulnerability is network-accessible with low attack complexity and no authentication...
ELECOM WRC-300FEBK-A Cross-Site Scripting Vulnerability (CNVD-2021-14147)
The ELECOM WRC-300FEBK-A is a wireless access device. A cross-site scripting vulnerability exists in the ELECOM WRC-300FEBK-A, which can be exploited by attackers to inject malicious script or HTML code...
ELECOM WRC-300FEBK-S Arbitrary Command Execution Vulnerability
The ELECOM WRC-300FEBK-S is a wireless access device. An arbitrary command execution vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to execute arbitrary OS commands...
Android App "ELECOM File Manager" vulnerable to directory traversal
Overview: Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability (CWE-22) due to a flaw in the processing of the filenames when extracting the compressed files. Ryohei Koike reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
Elecom File Manager For Android Path Traversal Vulnerability
Elecom File Manager For Android is an application from Elecom Japan for managing files on Android devices. A security vulnerability exists in all versions of ELECOM File Manager, which allows remote attackers to perform directory traversal attacks...