Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wrc-X3000Gs2-B Firmware Security Vulnerabilities - November

cve
cve

CVE-2023-43752

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

8CVSS

7.9AI Score

0.0004EPSS

2023-11-16 07:15 AM
9
cve
cve

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web bro...

6.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
4292
cve
cve

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B a...

8.8CVSS

7.1AI Score

0.0004EPSS

2024-02-28 11:15 PM
2883
cve
cve

CVE-2024-25568

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1...

8.8CVSS

8AI Score

0.0004EPSS

2024-04-04 12:15 AM
13
cve
cve

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".

6.8CVSS

7.8AI Score

0.0004EPSS

2024-02-28 11:15 PM
3552
cve
cve

CVE-2024-26258

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

7.1CVSS

7.4AI Score

0.0004EPSS

2024-04-04 12:15 AM
13
cve
cve

CVE-2024-29225

WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.

6.4AI Score

0.0004EPSS

2024-04-04 12:15 AM
15
cve
cve

CVE-2024-34577

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

6.1CVSS

6.6AI Score

0.0005EPSS

2024-08-30 07:15 AM
26
cve
cve

CVE-2024-36103

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

6.8CVSS

7.9AI Score

0.0004EPSS

2024-06-12 01:15 AM
10