OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
[
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x5400gs-b:*:*:*:*:*:*:*:*"
],
"vendor": "elecom",
"product": "wrc-x5400gs-b",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "1.0.10"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x5400gsa-b:*:*:*:*:*:*:*:*"
],
"vendor": "elecom",
"product": "wrc-x5400gsa-b",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "1.0.10"
}
],
"defaultStatus": "unknown"
}
]