CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40883
https://notcve.org/view.php?id=CVE-2024-40883
01 Aug 2024 — Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. Existe una vulnerabilidad de Cross-site request forgery en los enrutadores LAN inalámbricos ELECOM. Al ver una página maliciosa mientras inicia sesión en el producto afectado con un privilegio administrativo, se puede diri... • https://jvn.jp/en/jp/JVN06672778 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34021
https://notcve.org/view.php?id=CVE-2024-34021
01 Aug 2024 — Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution. Existe una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los enrutadores LAN inalámbricos ELECOM. Un usuario que haya iniciado sesión con privilegios administrativos puede cargar un archivo especialmente manipulado... • https://jvn.jp/en/jp/JVN06672778 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-25579
https://notcve.org/view.php?id=CVE-2024-25579
28 Feb 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de inyección de comandos del sistema operativo en enrutadores LAN inalámbricos ELECOM permite que un atacante adyacente a la red con privilegios administrativos ejecute comandos arbitrarios del s... • https://jvn.jp/en/vu/JVNVU99444194 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23910
https://notcve.org/view.php?id=CVE-2024-23910
28 Feb 2024 — Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de Cross-Site Request Forgery (CSRF) en los enrutadores LAN inalámbricos ELECOM permite a un atacante remoto no autenticado secuestrar la auten... • https://jvn.jp/en/jp/JVN44166658 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 46EXPL: 0CVE-2022-25915
https://notcve.org/view.php?id=CVE-2022-25915
31 Mar 2022 — Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware... • https://jvn.jp/en/jp/JVN88993473 •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20864
https://notcve.org/view.php?id=CVE-2021-20864
01 Dec 2021 — Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.... • https://jvn.jp/en/vu/JVNVU94527926/index.html •
CVSS: 8.0EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20863
https://notcve.org/view.php?id=CVE-2021-20863
01 Dec 2021 — OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 ... • https://jvn.jp/en/vu/JVNVU94527926/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20862
https://notcve.org/view.php?id=CVE-2021-20862
01 Dec 2021 — Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.... • https://jvn.jp/en/vu/JVNVU94527926/index.html •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20861
https://notcve.org/view.php?id=CVE-2021-20861
01 Dec 2021 — Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware... • https://jvn.jp/en/jp/JVN88993473/index.html •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20860
https://notcve.org/view.php?id=CVE-2021-20860
01 Dec 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2S... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •