ELECOM CO.,LTD.

All CVEs

79 total · sorted by risk
  • CVE-2026-40621 · Critical · May 13, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.

  • CVE-2026-24465 · Critical · Feb 3, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.

  • CVE-2025-48890 · Critical · Jun 24, 2025
    risk 0.64 · cvss 9.8 · epss 0.03

    WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS…

  • CVE-2025-43879 · Critical · Jun 24, 2025
    risk 0.64 · cvss 9.8 · epss 0.03

    WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS…

  • CVE-2026-22550 · High · Feb 3, 2026
    risk 0.57 · cvss 8.8 · epss 0.02

    OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.

  • CVE-2025-41427 · High · Jun 24, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected…

  • CVE-2024-25568 · High · Apr 4, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and…

  • CVE-2026-35506 · High · May 13, 2026
    risk 0.47 · cvss 7.2 · epss 0.01

    ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.

  • CVE-2025-53472 · High · Jul 22, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

  • CVE-2025-39240 · High · Jun 13, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to…

  • CVE-2024-26258 · High · Apr 4, 2024
    risk 0.46 · cvss 7.1 · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

  • CVE-2025-66271 · Medium · Dec 9, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2025-61865 · Medium · Oct 23, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2024-39607 · Medium · Aug 1, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.

  • CVE-2024-36103 · Medium · Jun 12, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

  • CVE-2024-25579 · Medium · Feb 28, 2024
    risk 0.44 · cvss 6.8 · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh…

  • CVE-2026-25107 · Medium · May 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper with the configuration file of the product, and a victim administrator may be tricked to use a crafted…

  • CVE-2024-6044 · Medium · Jun 17, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL.

  • CVE-2024-34577 · Medium · Aug 30, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed…

  • CVE-2025-43877 · Medium · Jun 24, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

  • CVE-2025-46267 · Medium · Jul 22, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.

  • CVE-2026-24449 · Medium · Feb 3, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.

  • CVE-2026-20704 · Medium · Feb 3, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.

  • CVE-2024-29225 · Medium · Apr 4, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.

  • CVE-2024-40883 · Aug 1, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login…

  • CVE-2024-23486 · Apr 15, 2024
    risk 0.00 · cvss · epss 0.01

    Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials.

  • CVE-2024-23910 · Feb 28, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B…

  • CVE-2024-21798 · Feb 28, 2024
    risk 0.00 · cvss · epss 0.01

    ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be…

  • CVE-2024-22372 · Jan 24, 2024
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

  • CVE-2023-49695 · Dec 12, 2023
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the…

  • CVE-2023-43752 · Nov 16, 2023
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

  • CVE-2023-43757 · Nov 16, 2023
    risk 0.00 · cvss · epss 0.01

    Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the…

  • CVE-2023-40069 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all…

  • CVE-2023-39944 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

  • CVE-2023-39455 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions,…

  • CVE-2023-39454 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.

  • CVE-2023-39445 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.

  • CVE-2023-32626 · Aug 18, 2023
    risk 0.00 · cvss · epss 0.01

    Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.

  • CVE-2023-37565 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.00

    Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03…

  • CVE-2023-37564 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.01

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03…

  • CVE-2023-37563 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.00

    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier,…

  • CVE-2023-37562 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site request forgery (CSRF) vulnerability exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.

  • CVE-2023-37568 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.00

    ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.

  • CVE-2023-37567 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.02

    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows:…

  • CVE-2023-37566 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.01

    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows:…

  • CVE-2023-37561 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.00

    Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows:…

  • CVE-2023-37560 · Jul 13, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

  • CVE-2023-22282 · Apr 11, 2023
    risk 0.00 · cvss · epss 0.00

    WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows…

  • CVE-2023-22368 · Feb 15, 2023
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2022-25915 · Mar 31, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware…

Page 1 of 2