Lucene search
K

537 matches found

Vulnrichment
Vulnrichment
added 2026/05/13 12:2 p.m.8 views

CVE-2026-42961

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

5.1CVSS5.8AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:2 p.m.20 views

CVE-2026-42961

ELECOM wireless LAN access point devices are affected by CVE-2026-42961 due to inadequate CSRF token handling. An authenticated user viewing a malicious page could trigger unintended operations. CVSS metrics in the sources show MEDIUM severity (CVSS3.0: 4.3; CVSS4.0: 5.1) with Network access and ...

5.1CVSS5.8AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:2 p.m.23 views

CVE-2026-42950

The CVE-2026-42950 entry concerns ELECOM wireless LAN access point devices where the language parameter can be given an inappropriate value. The underlying issue may cause the admin page in the user’s web browser to become broken if a logged-in user visits a malicious page. Documented impact is b...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:2 p.m.7 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:2 p.m.7 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS5.8AI score0.00207EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2026/05/13 12:2 p.m.61 views

CVE-2026-42950

ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...

5.1CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:2 p.m.19 views

CVE-2026-42948

CVE-2026-42948 is a stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices. The issue occurs when an administrator inputs malicious data in the device’s web interface, allowing an arbitrary script to be executed in another administrative user’s browser. The entry pr...

4.8CVSS5.7AI score0.00161EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:2 p.m.8 views

CVE-2026-42948

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

4.8CVSS5.7AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:2 p.m.52 views

CVE-2026-42948

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

4.8CVSS0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:2 p.m.11 views

CVE-2026-42948

Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...

4.8CVSS5.7AI score0.00161EPSS
Exploits0References3Affected Software4
Vulnrichment
Vulnrichment
added 2026/05/13 12:1 p.m.10 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS7.4AI score0.01633EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:1 p.m.5 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS7.4AI score0.01633EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2026/05/13 12:1 p.m.59 views

CVE-2026-42062

ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...

9.8CVSS0.01633EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:1 p.m.7 views

CVE-2026-40621

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

9.8CVSS5.8AI score0.00491EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:1 p.m.8 views

CVE-2026-40621

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

9.8CVSS7.3AI score0.00491EPSS
Exploits0References3Affected Software4
Cvelist
Cvelist
added 2026/05/13 12:1 p.m.70 views

CVE-2026-40621

ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...

9.8CVSS0.00491EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:1 p.m.15 views

CVE-2026-40621

CVE-2026-40621 affects ELECOM wireless LAN access point devices where certain URLs are accessible without authentication. The description indicates unauthenticated access to specific endpoints, implying a lack of access control on those URLs. CVSS metrics (from JPCERT) show critical impact: high ...

9.8CVSS7.3AI score0.00491EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:1 p.m.47 views

CVE-2026-35506

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS0.01308EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 12:1 p.m.7 views

CVE-2026-35506

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS7.2AI score0.01308EPSS
Exploits0References3Affected Software4
Vulnrichment
Vulnrichment
added 2026/05/13 12:1 p.m.8 views

CVE-2026-35506

ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...

8.6CVSS5.9AI score0.01308EPSS
Exploits0References2
Rows per page
Query Builder