wireless LAN access point
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40621 | Cri | 0.64 | 9.8 | 0.00 | May 13, 2026 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. | ||
| CVE-2024-43689 | Cri | 0.64 | 9.8 | 0.01 | Oct 21, 2024 | Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed. | ||
| CVE-2023-40072 | Hig | 0.57 | 8.8 | 0.02 | Aug 18, 2023 | OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | ||
| CVE-2026-35506 | Hig | 0.47 | 7.2 | 0.01 | May 13, 2026 | ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed. | ||
| CVE-2026-25107 | Med | 0.42 | 6.5 | 0.00 | May 13, 2026 | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted… | ||
| CVE-2024-42412 | Med | 0.40 | 6.1 | 0.00 | Aug 30, 2024 | Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. |
- risk 0.64cvss 9.8epss 0.00
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.
- risk 0.64cvss 9.8epss 0.01
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
- risk 0.57cvss 8.8epss 0.02
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
- risk 0.47cvss 7.2epss 0.01
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.
- risk 0.42cvss 6.5epss 0.00
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted…
- risk 0.40cvss 6.1epss 0.00
Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.