Vendor CVEs
ELECOM CO.,LTD.
All CVEs
79 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40621 | | Critical | 0.64 | 9.8 | 0.00 | | May 13, 2026 | ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication. |
| CVE-2026-24465 | | Critical | 0.64 | 9.8 | 0.01 | | Feb 3, 2026 | Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution. |
| CVE-2025-48890 | | Critical | 0.64 | 9.8 | 0.03 | | Jun 24, 2025 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS… |
| CVE-2025-43879 | | Critical | 0.64 | 9.8 | 0.03 | | Jun 24, 2025 | WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS… |
| CVE-2026-22550 | | High | 0.57 | 8.8 | 0.02 | | Feb 3, 2026 | OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. |
| CVE-2025-41427 | | High | 0.57 | 8.8 | 0.01 | | Jun 24, 2025 | WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected… |
| CVE-2024-25568 | | High | 0.57 | 8.8 | 0.01 | | Apr 4, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and… |
| CVE-2026-35506 | | High | 0.47 | 7.2 | 0.01 | | May 13, 2026 | ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed. |
| CVE-2025-53472 | | High | 0.47 | 7.2 | 0.01 | | Jul 22, 2025 | WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI. |
| CVE-2025-39240 | | High | 0.47 | 7.2 | 0.01 | | Jun 13, 2025 | Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to… |
| CVE-2024-26258 | | High | 0.46 | 7.1 | 0.01 | | Apr 4, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product. |
| CVE-2025-66271 | | Medium | 0.44 | 6.7 | 0.00 | | Dec 9, 2025 | Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2025-61865 | | Medium | 0.44 | 6.7 | 0.00 | | Oct 23, 2025 | Multiple NAS management applications provided by I-O DATA DEVICE, INC. register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege. |
| CVE-2024-39607 | | Medium | 0.44 | 6.8 | 0.01 | | Aug 1, 2024 | OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command. |
| CVE-2024-36103 | | Medium | 0.44 | 6.8 | 0.01 | | Jun 12, 2024 | OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. |
| CVE-2024-25579 | | Medium | 0.44 | 6.8 | 0.01 | | Feb 28, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh… |
| CVE-2026-25107 | | Medium | 0.42 | 6.5 | 0.00 | | May 13, 2026 | ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper with the configuration file of the product, and a victim administrator may be tricked to use a crafted… |
| CVE-2024-6044 | | Medium | 0.42 | 6.5 | 0.00 | | Jun 17, 2024 | Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the URL. |
| CVE-2024-34577 | | Medium | 0.40 | 6.1 | 0.00 | | Aug 30, 2024 | Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed… |
| CVE-2025-43877 | | Medium | 0.35 | 5.4 | 0.00 | | Jun 24, 2025 | WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product. |
| CVE-2025-46267 | | Medium | 0.32 | 4.9 | 0.00 | | Jul 22, 2025 | Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI. |
| CVE-2026-24449 | | Medium | 0.30 | 4.6 | 0.00 | | Feb 3, 2026 | For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. |
| CVE-2026-20704 | | Medium | 0.28 | 4.3 | 0.00 | | Feb 3, 2026 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged in to the affected product, unintended operations may be performed. |
| CVE-2024-29225 | | Medium | 0.28 | 4.3 | 0.00 | | Apr 4, 2024 | ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request. |
| CVE-2024-40883 | | | 0.00 | — | 0.00 | | Aug 1, 2024 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login… |
| CVE-2024-23486 | | | 0.00 | — | 0.01 | | Apr 15, 2024 | Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials. |
| CVE-2024-23910 | | | 0.00 | — | 0.00 | | Feb 28, 2024 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B… |
| CVE-2024-21798 | | | 0.00 | — | 0.01 | | Feb 28, 2024 | ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be… |
| CVE-2024-22372 | | | 0.00 | — | 0.01 | | Jan 24, 2024 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. |
| CVE-2023-49695 | | | 0.00 | — | 0.01 | | Dec 12, 2023 | OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the… |
| CVE-2023-43752 | | | 0.00 | — | 0.01 | | Nov 16, 2023 | OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. |
| CVE-2023-43757 | | | 0.00 | — | 0.01 | | Nov 16, 2023 | Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the… |
| CVE-2023-40069 | | | 0.00 | — | 0.01 | | Aug 18, 2023 | OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all… |
| CVE-2023-39944 | | | 0.00 | — | 0.01 | | Aug 18, 2023 | OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. |
| CVE-2023-39455 | | | 0.00 | — | 0.01 | | Aug 18, 2023 | OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions,… |
| CVE-2023-39454 | | | 0.00 | — | 0.01 | | Aug 18, 2023 | Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. |
| CVE-2023-39445 | | | 0.00 | — | 0.01 | | Aug 18, 2023 | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. |
| CVE-2023-32626 | | | 0.00 | — | 0.01 | | Aug 18, 2023 | Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. |
| CVE-2023-37565 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03… |
| CVE-2023-37564 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03… |
| CVE-2023-37563 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier,… |
| CVE-2023-37562 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | Cross-site request forgery (CSRF) vulnerability exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. |
| CVE-2023-37568 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. |
| CVE-2023-37567 | | | 0.00 | — | 0.02 | | Jul 13, 2023 | Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows:… |
| CVE-2023-37566 | | | 0.00 | — | 0.01 | | Jul 13, 2023 | Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows:… |
| CVE-2023-37561 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows:… |
| CVE-2023-37560 | | | 0.00 | — | 0.00 | | Jul 13, 2023 | Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-22282 | | | 0.00 | — | 0.00 | | Apr 11, 2023 | WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows… |
| CVE-2023-22368 | | | 0.00 | — | 0.00 | | Feb 15, 2023 | Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2022-25915 | | | 0.00 | — | 0.00 | | Mar 31, 2022 | Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware… |
Page 1 of 2