Elecom WRC-1467GHBK-A 注入漏洞

The ELECOM WRC-1467GHBK-A is a wireless access device. The ELECOM WRC-1467GHBK-A suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script or HTML code...

Elecom ELECOM WRC-300FEBK-S 信任管理问题漏洞

The ELECOM WRC-300FEBK-S is a network camera for the home from Elecom Japan. A certificate validation error vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to alter the communication response and execute arbitrary commands on the product...

JVN#98115035: Android App "ELECOM File Manager" vulnerable to directory traversal

Android App "ELECOM File Manager" provided by ELECOM CO.,LTD. contains a directory traversal vulnerability CWE-22 due to a flaw in the processing of the filenames when extracting the compressed files. Impact A remote attacker may create an arbitrary file or overwrite an existing file in a directo...

Elecom LD-PS/U1 安全漏洞

The ELECOM LD-PS/U1 is a USB print server. An access control error vulnerability exists in the ELECOM LD-PS/U1, which can be exploited by an attacker to submit a special request to change the administrator password...

Elecom ELECOM WRC-300FEBK-A 跨站脚本漏洞

The ELECOM WRC-300FEBK-A is a wireless access device. A cross-site scripting vulnerability exists in the ELECOM WRC-300FEBK-A, which can be exploited by attackers to inject malicious script or HTML code...

Elecom ELECOM WRC-300FEBK-A 跨站请求伪造漏洞

The ELECOM WRC-300FEBK-A is a wireless access device. The ELECOM WRC-300FEBK-A suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, and perform a malicious operation in the context of the target user...

Elecom ELECOM WRC-300FEBK-S 操作系统命令注入漏洞

The ELECOM WRC-300FEBK-S is a wireless access device. An arbitrary command execution vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to execute arbitrary OS commands...

Elecom ELECOM WRC-300FEBK-S 跨站请求伪造漏洞

The ELECOM WRC-300FEBK-S is a wireless access device. A cross-site request forgery vulnerability exists in the ELECOM WRC-300FEBK-S, which can be exploited by an attacker to submit a special request, alter the communication response, and execute arbitrary OS commands in the application context...

Elecom NCC-EWF100RMWH2 跨站请求伪造漏洞

The ELECOM NCC-EWF100RMWH2 is a wireless access device. The ELECOM NCC-EWF100RMWH2 suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to construct a malicious URI, bait a request, and perform a malicious operation in the context of the target user...

JVN#47580234: Multiple vulnerabilities in multiple ELECOM products

Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Improper Access Control CWE-284 - CVE-2021-20643 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:N/I:P/A:N| Base Score:...

CVE-2020-5634

ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10 allow an attacker on the same network segment to execute arbitrary OS commands with a...

CVE-2020-5634

ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10 allow an attacker on the same network segment to execute arbitrary OS commands with a...

Design/Logic Flaw

ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10 allow an attacker on the same network segment to execute arbitrary OS commands with a...

CVE-2020-5634

CVE-2020-5634 affects ELECOM LAN routers (WRC-2533GST2, WRC-1900GST2, WRC-1750GST2, WRC-1167GST2). The root cause is an OS command injection vulnerability that allows a remote attacker on the same network segment to execute arbitrary commands with root privileges via unspecified vectors. Affected...

CVE-2020-5634

ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10 allow an attacker on the same network segment to execute arbitrary OS commands with a...

OS command injection vulnerability in multiple ELECOM LAN routers

Overview Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Katsuhiko Satoa.k.a. gorohkun of 00One, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

JVN#82892096: OS command injection vulnerability in multiple ELECOM LAN routers

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability CWE-78. Impact A remote attacker who can access the management screen of the affected device may execute an arbitrary OS command with root privilege. Solution Apply the appropriate firmware updat...