VYPR

wireless LAN access point

by ELECOM CO.,LTD.

CVEs (6)

  • CVE-2026-40621CriMay 13, 2026
    risk 0.64cvss 9.8epss 0.00

    ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

  • CVE-2024-43689CriOct 21, 2024
    risk 0.64cvss 9.8epss 0.01

    Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.

  • CVE-2023-40072HigAug 18, 2023
    risk 0.57cvss 8.8epss 0.02

    OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

  • CVE-2026-35506HigMay 13, 2026
    risk 0.47cvss 7.2epss 0.01

    ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.

  • CVE-2026-25107MedMay 13, 2026
    risk 0.42cvss 6.5epss 0.00

    ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted…

  • CVE-2024-42412MedAug 30, 2024
    risk 0.40cvss 6.1epss 0.00

    Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.