CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20854
https://notcve.org/view.php?id=CVE-2021-20854
01 Dec 2021 — ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. Los routers LAN de ELECOM (firmware WRH-733GBK versiones v1.02.9 y anteriores y firmware WRH-733GWH versiones v1.02.9 y anteriores) permiten a un atacante adyacente a la red con privilegios de administrador ejecutar comandos arbitrarios del sistema operativo por medio de vectores no es... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20853
https://notcve.org/view.php?id=CVE-2021-20853
01 Dec 2021 — ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. Los routers LAN de ELECOM (firmware WRH-733GBK versiones v1.02.9 y anteriores y firmware WRH-733GWH versiones v1.02.9 y anteriores) permiten a un atacante adyacente a la red con privilegios de administrador ejecutar comandos arbitrarios del sistema operativo por medio de vectores no es... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20852
https://notcve.org/view.php?id=CVE-2021-20852
01 Dec 2021 — Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. Una vulnerabilidad de desbordamiento del búfer en los routers LAN de ELECOM (firmware WRH-733GBK versiones v1.02.9 y anteriores y firmware WRH-733GWH versiones v1.02.9 y anteriores) permite a un atacante adyacente a la red con privilegios de administr... • https://jvn.jp/en/jp/JVN88993473/index.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-20739
https://notcve.org/view.php?id=CVE-2021-20739
07 Jul 2021 — WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S y WRH-300WH-S, todas las versiones, permiten a un atacante no autenticado adyacente a la red ejecutar un comando arbitrario del sistem... • https://jvn.jp/en/vu/JVNVU94260088/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-20738
https://notcve.org/view.php?id=CVE-2021-20738
07 Jul 2021 — WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. WRC-1167FS-W, WRC-1167FS-B y WRC-1167FSA todas las versiones permiten a un atacante no autenticado adyacente a la red obtener información confidencial por medio de vectores no especificados • https://jvn.jp/en/vu/JVNVU94260088/index.html •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-20651
https://notcve.org/view.php?id=CVE-2021-20651
12 Feb 2021 — Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors. Una vulnerabilidad de salto de directorio en ELECOM File Manager, todas las versiones permite a atacantes remotos crear un archivo arbitrario o sobrescribir un archivo que puede ser accedido con privilegios de aplicación a por medio de vectores no especificados • https://jvn.jp/en/jp/JVN98115035/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20650
https://notcve.org/view.php?id=CVE-2021-20650
12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ELECOM NCC-EWF100RMWH2, permite a atacantes remotos secuestrar la autenticación de los administradores y ejecutar una petición arbitraria por medio de un vector ... • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20649
https://notcve.org/view.php?id=CVE-2021-20649
12 Feb 2021 — ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. ELECOM WRC-300FEBK-S, contiene una vulnerabilidad de comprobación de certificado inapropiada. Mediante un ataque man-in-the-middle, un atacante puede alterar la respuesta de comunicación. • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20648
https://notcve.org/view.php?id=CVE-2021-20648
12 Feb 2021 — ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. ELECOM WRC-300FEBK-S, permite a un atacante con derechos de administrador ejecutar comandos arbitrarios del sistema operativo por medio de vectores no especificados • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20647
https://notcve.org/view.php?id=CVE-2021-20647
12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ELECOM WRC-300FEBK-S, permite a atacantes remotos secuestrar la autenticación de los administradores y ejecutar una petición arbitraria por medio de un vector no e... • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •