ELECOM CO.,LTD.
Products
55- 8 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- View all 55 products →
Recent CVEs
79| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40621 | Cri | 0.64 | 9.8 | 0.00 | May 13, 2026 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. | ||
| CVE-2026-24465 | Cri | 0.64 | 9.8 | 0.01 | Feb 3, 2026 | Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution. | ||
| CVE-2025-48890 | Cri | 0.64 | 9.8 | 0.03 | Jun 24, 2025 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS… | ||
| CVE-2025-43879 | Cri | 0.64 | 9.8 | 0.03 | Jun 24, 2025 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS… | ||
| CVE-2026-22550 | Hig | 0.57 | 8.8 | 0.02 | Feb 3, 2026 | OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. | ||
| CVE-2025-41427 | Hig | 0.57 | 8.8 | 0.01 | Jun 24, 2025 | WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected… | ||
| CVE-2024-25568 | Hig | 0.57 | 8.8 | 0.01 | Apr 4, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and… | ||
| CVE-2026-35506 | Hig | 0.47 | 7.2 | 0.01 | May 13, 2026 | ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed. | ||
| CVE-2025-53472 | Hig | 0.47 | 7.2 | 0.01 | Jul 22, 2025 | WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI. | ||
| CVE-2025-39240 | Hig | 0.47 | 7.2 | 0.01 | Jun 13, 2025 | Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to… | ||
| CVE-2024-26258 | Hig | 0.46 | 7.1 | 0.01 | Apr 4, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product. | ||
| CVE-2025-66271 | Med | 0.44 | 6.7 | 0.00 | Dec 9, 2025 | Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||
| CVE-2025-61865 | Med | 0.44 | 6.7 | 0.00 | Oct 23, 2025 | Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. | ||
| CVE-2024-39607 | Med | 0.44 | 6.8 | 0.01 | Aug 1, 2024 | OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command. | ||
| CVE-2024-36103 | Med | 0.44 | 6.8 | 0.01 | Jun 12, 2024 | OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | ||
| CVE-2024-25579 | Med | 0.44 | 6.8 | 0.01 | Feb 28, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh… | ||
| CVE-2026-25107 | Med | 0.42 | 6.5 | 0.00 | May 13, 2026 | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted… | ||
| CVE-2024-6044 | Med | 0.42 | 6.5 | 0.00 | Jun 17, 2024 | Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL. | ||
| CVE-2024-34577 | Med | 0.40 | 6.1 | 0.00 | Aug 30, 2024 | Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed… | ||
| CVE-2025-43877 | Med | 0.35 | 5.4 | 0.00 | Jun 24, 2025 | WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product. |
- risk 0.64cvss 9.8epss 0.00
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.
- risk 0.64cvss 9.8epss 0.01
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.03
WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS…
- risk 0.64cvss 9.8epss 0.03
WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS…
- risk 0.57cvss 8.8epss 0.02
OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
- risk 0.57cvss 8.8epss 0.01
WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected…
- risk 0.57cvss 8.8epss 0.01
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and…
- risk 0.47cvss 7.2epss 0.01
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.
- risk 0.47cvss 7.2epss 0.01
WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.
- risk 0.47cvss 7.2epss 0.01
Some Hikvision Wireless Access Point are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to…
- risk 0.46cvss 7.1epss 0.01
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
- risk 0.44cvss 6.7epss 0.00
Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- risk 0.44cvss 6.7epss 0.00
Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
- risk 0.44cvss 6.8epss 0.01
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
- risk 0.44cvss 6.8epss 0.01
OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
- risk 0.44cvss 6.8epss 0.01
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh…
- risk 0.42cvss 6.5epss 0.00
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted…
- risk 0.42cvss 6.5epss 0.00
Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.
- risk 0.40cvss 6.1epss 0.00
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed…
- risk 0.35cvss 5.4epss 0.00
WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.