CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-25568
https://notcve.org/view.php?id=CVE-2024-25568
04 Apr 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". Vulnerabilidad de inyección de comandos del sistema operativo en WRC-X3200GST3-B ... • https://jvn.jp/en/vu/JVNVU95381465 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-25579
https://notcve.org/view.php?id=CVE-2024-25579
28 Feb 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de inyección de comandos del sistema operativo en enrutadores LAN inalámbricos ELECOM permite que un atacante adyacente a la red con privilegios administrativos ejecute comandos arbitrarios del s... • https://jvn.jp/en/vu/JVNVU99444194 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23910
https://notcve.org/view.php?id=CVE-2024-23910
28 Feb 2024 — Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de Cross-Site Request Forgery (CSRF) en los enrutadores LAN inalámbricos ELECOM permite a un atacante remoto no autenticado secuestrar la auten... • https://jvn.jp/en/jp/JVN44166658 • CWE-352: Cross-Site Request Forgery (CSRF) •