
CVSS: 10.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

21 Oct 2024 — Stack-based buffer overflow vulnerability exists in ELECOM wireless access points WAB-I1750-PS and WAB-S1167-PS. By processing a specially crafted HTTP request, arbitrary code may be executed. • https://jvn.jp/en/jp/JVN24885537 • CWE-121: Stack-based Buffer Overflow

CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Aug 2024 — Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. • https://jvn.jp/en/jp/JVN24885537 • CWE-306: Missing Authentication for Critical Function

CVSS: 6.4 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Aug 2024 — Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. • https://jvn.jp/en/jp/JVN24885537

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

30 Aug 2024 — Cross-site scripting vulnerability exists in ELECOM wireless access points WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. • https://jvn.jp/en/jp/JVN24885537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

01 Aug 2024 — Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. • https://jvn.jp/en/jp/JVN06672778 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

01 Aug 2024 — OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command. • https://jvn.jp/en/jp/JVN06672778 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

01 Aug 2024 — Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution. • https://jvn.jp/en/jp/JVN06672778 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 7.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Jun 2024 — OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. • https://jvn.jp/en/vu/JVNVU97214223 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Apr 2024 — OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product. • https://jvn.jp/en/vu/JVNVU95381465 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Apr 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". • https://jvn.jp/en/vu/JVNVU95381465 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')