OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit “WMC-2LX-B”.
[
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "elecom",
"product": "wrc-x3200gst3-b_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "1.25"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"vendor": "elecom",
"product": "wrc-g01-w_firmware",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "1.24"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
],
"vendor": "elecom",
"product": "wmc-x1800gst-b",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "1.41"
}
],
"defaultStatus": "unknown"
}
]