CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20645
https://notcve.org/view.php?id=CVE-2021-20645
12 Feb 2021 — Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en ELECOM WRC-300FEBK-A, permite a los atacantes autenticados remotamente inyectar script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20646
https://notcve.org/view.php?id=CVE-2021-20646
12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ELECOM WRC-300FEBK-A, permite a atacantes remotos secuestrar la autenticación de los administradores y ejecutar una petición arbitraria por medio de un vector no e... • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20644
https://notcve.org/view.php?id=CVE-2021-20644
12 Feb 2021 — ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. ELECOM WRC-1467GHBK-A, permite ejecutar scripts arbitrarios en el navegador web del usuario mostrando un SSID especialmente diseñado en la página de configuración web • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20643
https://notcve.org/view.php?id=CVE-2021-20643
12 Feb 2021 — Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected device by processing a specially crafted request. La vulnerabilidad de control de acceso inapropiado en ELECOM LD-PS/U1, permite a atacantes remotos cambiar la contraseña administrativa del dispositivo afectado al procesar una petición especialmente diseñada • https://jvn.jp/en/jp/JVN47580234/index.html •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-5634
https://notcve.org/view.php?id=CVE-2020-5634
06 Oct 2020 — ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors. Los enrutadores LAN ELECOM (versiones de firmware WRC-2533GST2 anteriores a v1.14, versiones de firmware WRC-1900GST2 anteriores a v1.14, versiones de firmware WRC-1750GST2 a... • https://jvn.jp/en/jp/JVN82892096/index.html •