537 matches found
CVE-2026-42961
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...
CVE-2026-42961
ELECOM wireless LAN access point devices are affected by CVE-2026-42961 due to inadequate CSRF token handling. An authenticated user viewing a malicious page could trigger unintended operations. CVSS metrics in the sources show MEDIUM severity (CVSS3.0: 4.3; CVSS4.0: 5.1) with Network access and ...
CVE-2026-42950
The CVE-2026-42950 entry concerns ELECOM wireless LAN access point devices where the language parameter can be given an inappropriate value. The underlying issue may cause the admin page in the user’s web browser to become broken if a logged-in user visits a malicious page. Documented impact is b...
CVE-2026-42950
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...
CVE-2026-42950
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...
CVE-2026-42950
ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may become broken...
CVE-2026-42948
CVE-2026-42948 is a stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices. The issue occurs when an administrator inputs malicious data in the device’s web interface, allowing an arbitrary script to be executed in another administrative user’s browser. The entry pr...
CVE-2026-42948
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...
CVE-2026-42948
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...
CVE-2026-42948
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...
CVE-2026-42062
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...
CVE-2026-42062
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...
CVE-2026-42062
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required...
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
CVE-2026-40621
CVE-2026-40621 affects ELECOM wireless LAN access point devices where certain URLs are accessible without authentication. The description indicates unauthenticated access to specific endpoints, implying a lack of access control on those URLs. CVSS metrics (from JPCERT) show critical impact: high ...
CVE-2026-35506
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
CVE-2026-35506
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...
CVE-2026-35506
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of pingipaddr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed...