5 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 1

16 Nov 2023 — Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que ... • https://github.com/sharmashreejaa/CVE-2023-43757 • CWE-326: Inadequate Encryption Strength •

CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0

07 Jul 2021 — WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S y WRH-300WH-S, todas las versiones, permiten a un atacante no autenticado adyacente a la red ejecutar un comando arbitrario del sistem... • https://jvn.jp/en/vu/JVNVU94260088/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

12 Feb 2021 — ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. ELECOM WRC-300FEBK-S, contiene una vulnerabilidad de comprobación de certificado inapropiada. Mediante un ataque man-in-the-middle, un atacante puede alterar la respuesta de comunicación. • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-295: Improper Certificate Validation •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

12 Feb 2021 — ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. ELECOM WRC-300FEBK-S, permite a un atacante con derechos de administrador ejecutar comandos arbitrarios del sistema operativo por medio de vectores no especificados • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ELECOM WRC-300FEBK-S, permite a atacantes remotos secuestrar la autenticación de los administradores y ejecutar una petición arbitraria por medio de un vector no e... • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •