CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-25579
https://notcve.org/view.php?id=CVE-2024-25579
28 Feb 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de inyección de comandos del sistema operativo en enrutadores LAN inalámbricos ELECOM permite que un atacante adyacente a la red con privilegios administrativos ejecute comandos arbitrarios del s... • https://jvn.jp/en/vu/JVNVU99444194 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23910
https://notcve.org/view.php?id=CVE-2024-23910
28 Feb 2024 — Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de Cross-Site Request Forgery (CSRF) en los enrutadores LAN inalámbricos ELECOM permite a un atacante remoto no autenticado secuestrar la auten... • https://jvn.jp/en/jp/JVN44166658 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22372
https://notcve.org/view.php?id=CVE-2024-22372
24 Jan 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier. La vulnerabilidad de inyección de comandos del sistema operativo en los routers LAN... • https://jvn.jp/en/vu/JVNVU90908488 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-49695
https://notcve.org/view.php?id=CVE-2023-49695
12 Dec 2023 — OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. Vulnerabilidad de inyección de comandos del sistema operativo en WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 y anteriores, y WRC-X3000GSA v1.0.24 y anteriores permite a un atacante adyacente a la red con privilegios administrati... • https://jvn.jp/en/vu/JVNVU97499577 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-43752
https://notcve.org/view.php?id=CVE-2023-43752
16 Nov 2023 — OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. Vulnerabilidad de inyección de comandos del sistema operativo en WRC-X3000GS2-W v1.05 y anteriores, WRC-X3000GS2-B v1.05 y anteriores, y WRC-X3000GS2A-B v1.05 y anteriores permite que un usuario autenticado adyacente a la red ejecute un sistema ope... • https://jvn.jp/en/vu/JVNVU94119876 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 1CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
16 Nov 2023 — Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que ... • https://github.com/sharmashreejaa/CVE-2023-43757 • CWE-326: Inadequate Encryption Strength •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40072
https://notcve.org/view.php?id=CVE-2023-40072
18 Aug 2023 — OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. La vulnerabilidad de inyección de comandos del sistema operativo en los dispositivos de red ELECOM permite a un usuario au... • https://jvn.jp/en/vu/JVNVU91630351 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-40069
https://notcve.org/view.php?id=CVE-2023-40069
18 Aug 2023 — OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. La vulnerabilidad de inyección de comandos del sistema operativo en los routers LAN inalámbricos ELECOM permite a un atacante que pue... • https://jvn.jp/en/vu/JVNVU91630351 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39944
https://notcve.org/view.php?id=CVE-2023-39944
18 Aug 2023 — OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. La vulnerabilidad de inyección de comandos del sistema operativo en WRC-F1167ACF todas las versiones y WRC-1750GHBK todas las versiones permite a un atacante que pueda acceder al producto ejecutar un comando arbitrario del sistema operativo enviando una solicitud especialmente diseñada. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-39455
https://notcve.org/view.php?id=CVE-2023-39455
18 Aug 2023 — OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. La vulnerabilidad de inyección de comandos del sistema operativo en los routers LAN inalám... • https://jvn.jp/en/vu/JVNVU91630351 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •