VYPR
Vendor

ELECOM CO.,LTD.

Products: 55
CVEs: 79
Across products: 114
Status: Private


Recent CVEs

  • CVE-2026-40621 | Critical | May 13, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

  • CVE-2026-24465 | Critical | Feb 3, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.

  • CVE-2025-48890 | Critical | Jun 24, 2025
    risk 0.64 | cvss 9.8 | epss 0.03

    WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS…

  • CVE-2025-43879 | Critical | Jun 24, 2025
    risk 0.64 | cvss 9.8 | epss 0.03

    WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS…

  • CVE-2026-22550 | High | Feb 3, 2026
    risk 0.57 | cvss 8.8 | epss 0.02

    OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

  • CVE-2025-41427 | High | Jun 24, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected…

  • CVE-2024-25568 | High | Apr 4, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and…

  • CVE-2026-35506 | High | May 13, 2026
    risk 0.47 | cvss 7.2 | epss 0.01

    ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.

  • CVE-2025-53472 | High | Jul 22, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

  • CVE-2025-39240 | High | Jun 13, 2025
    risk 0.47 | cvss 7.2 | epss 0.01

    Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to…

  • CVE-2024-26258 | High | Apr 4, 2024
    risk 0.46 | cvss 7.1 | epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

  • CVE-2025-66271 | Medium | Dec 9, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-61865 | Medium | Oct 23, 2025
    risk 0.44 | cvss 6.7 | epss 0.00

    Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2024-39607 | Medium | Aug 1, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.

  • CVE-2024-36103 | Medium | Jun 12, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

  • CVE-2024-25579 | Medium | Feb 28, 2024
    risk 0.44 | cvss 6.8 | epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh…

  • CVE-2026-25107 | Medium | May 13, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper with the configuration file of the product, and a victim administrator may be tricked to use a crafted…

  • CVE-2024-6044 | Medium | Jun 17, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.

  • CVE-2024-34577 | Medium | Aug 30, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed…

  • CVE-2025-43877 | Medium | Jun 24, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.