CVE-2025-53472

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI...

CVE-2025-46267

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...

CVE-2025-46267

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...

CVE-2025-46267

CVE-2025-46267 affects ELECOM WRC-BE36QS-B and WRC-W701-B wireless routers. A remote attacker who can log in to WebGUI can enable the device’s hidden debug function. Documented CVSS: v3.1 base 4.9 (Network, Low complexity, Privileges: High, Confidentiality: None, Integrity: High, Availability: No...

CVE-2025-46267

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...

CVE-2025-53472

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI...

CVE-2025-53472

ELECOM WRC-BE36QS-B and WRC-W701-B have an OS command injection vulnerability in the WebGUI caused by improper neutralization of special elements. A remote attacker who can log in to WebGUI may execute arbitrary OS commands. Impact is described as high (possible remote code execution); exploitati...

CVE-2025-53472

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI...

PT-2025-30391 · Unknown · Wrc-Be36Qs-B +1

Name of the Vulnerable Software and Affected Versions: WRC-BE36QS-B WRC-W701-B Description: A hidden functionality issue exists that may allow a remote attacker to enable the product’s hidden debug function by logging into the WebGUI. Recommendations: At the moment, there is no information about ...

PT-2025-30392 · Unknown · Wrc-Be36Qs-B +1

Name of the Vulnerable Software and Affected Versions: WRC-BE36QS-B WRC-W701-B Description: The WebGUI component contains an improper neutralization of special elements used in an OS command, potentially allowing a remote attacker who can log in to WebGUI to execute arbitrary OS commands...

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVE-2025-27026 Improper Access Control Granularity impacting Infinera G42

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVE-2025-27026 Improper Access Control Granularity impacting Infinera G42

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVE-2025-27026

CVE-2025-27026 affects Infinera G42 version R6.1.3. A missing double‑check feature in the WebGUI CLI deactivation allows an authenticated administrator to disable multiple management interfaces across local and network access. The WebGUI‑driven CLI deactivation not only stops the CLI but also dea...

CVE-2025-27023

Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of...

CVE-2025-27023

CVE-2025-27023 affects Infinera G42, specifically version R6.1.3. The issue is improper input validation in the WebGUI CLI web interface, enabling remote authenticated users to read all OS files by crafting CLI commands (and by triggering execution of a script-file present on the device). The roo...

CVE-2025-27022 Path Traversal Vulnerability in Infinera G42

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target...

CVE-2025-27022

The CVE-2025-27022 entry concerns Infinera G42 WebGUI HTTP endpoint in version R6.1.3 with a path traversal vulnerability. Root cause: lack of sufficient validation of user-supplied input enables authenticated users to access files readable by the httpd service user, potentially downloading OS fi...

PT-2025-27618 · Infinera · Infinera G42

Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3 Description: The issue is related to insufficient input validation in the WebGUI CLI web interface of the Infinera G42 appliance. This allows remote authenticated users to read all OS files via crafted CLI commands...