CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20864
https://notcve.org/view.php?id=CVE-2021-20864
01 Dec 2021 — Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.... • https://jvn.jp/en/vu/JVNVU94527926/index.html •
CVSS: 8.0EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20863
https://notcve.org/view.php?id=CVE-2021-20863
01 Dec 2021 — OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 ... • https://jvn.jp/en/vu/JVNVU94527926/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20862
https://notcve.org/view.php?id=CVE-2021-20862
01 Dec 2021 — Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.... • https://jvn.jp/en/vu/JVNVU94527926/index.html •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20861
https://notcve.org/view.php?id=CVE-2021-20861
01 Dec 2021 — Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware... • https://jvn.jp/en/jp/JVN88993473/index.html •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20860
https://notcve.org/view.php?id=CVE-2021-20860
01 Dec 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2S... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.0EPSS: 0%CPEs: 28EXPL: 0CVE-2021-20859
https://notcve.org/view.php?id=CVE-2021-20859
01 Dec 2021 — ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20858
https://notcve.org/view.php?id=CVE-2021-20858
01 Dec 2021 — Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de cross-site scripting en el router ELECOM LAN firmware WRC-2533GHBK-I versiones v1.20 y anteriores, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20857
https://notcve.org/view.php?id=CVE-2021-20857
01 Dec 2021 — Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en el router ELECOM LAN firmware WRC-2533GHBK-I versiones v1.20 y anteriores, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20856
https://notcve.org/view.php?id=CVE-2021-20856
01 Dec 2021 — Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en los routers LAN de ELECOM (firmware WRH-733GBK versiones v1.02.9 y anteriores y firmware WRH-733GWH versiones v1.02.9 y anteriores) permite a un atacante remoto autenticado inyectar un script arbitrario por vectores no especific... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20855
https://notcve.org/view.php?id=CVE-2021-20855
01 Dec 2021 — Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en los routers LAN de ELECOM (firmware WRH-733GBK versiones v1.02.9 y anteriores y firmware WRH-733GWH versiones v1.02.9 y anteriores) permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no ... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •