wireless LAN routers
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-26258 | Hig | 0.46 | 7.1 | 0.01 | Apr 4, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product. | ||
| CVE-2024-39607 | Med | 0.44 | 6.8 | 0.01 | Aug 1, 2024 | OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command. | ||
| CVE-2024-6044 | Med | 0.42 | 6.5 | 0.00 | Jun 17, 2024 | Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL. | ||
| CVE-2024-29225 | Med | 0.28 | 4.3 | 0.00 | Apr 4, 2024 | ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request. | ||
| CVE-2024-23486 | 0.00 | — | 0.01 | Apr 15, 2024 | Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. | |||
| CVE-2023-39454 | 0.00 | — | 0.01 | Aug 18, 2023 | Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. |
- risk 0.46cvss 7.1epss 0.01
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
- risk 0.44cvss 6.8epss 0.01
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
- risk 0.42cvss 6.5epss 0.00
Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
- risk 0.28cvss 4.3epss 0.00
ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.
- CVE-2024-23486Apr 15, 2024risk 0.00cvss —epss 0.01
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
- CVE-2023-39454Aug 18, 2023risk 0.00cvss —epss 0.01
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.