CVE-2024-22372
 
Descriptions
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier.
SSVC
- Decision: -
Timeline
- 2024-01-10 CVE Reserved
- 2024-01-24 CVE Published
- 2024-01-31 EPSS Updated
- 2024-09-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (2)
URL | Tag | Source |
---|---|---|
https://jvn.jp/en/vu/JVNVU90908488 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.elecom.co.jp/news/security/20240123-01 | 2024-01-30 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Elecom | Wrc-x1800gs-b Firmware | < 1.18 | - | Affected | in | Elecom | Wrc-x1800gs-b | - | - | Safe |
Elecom | Wrc-x1800gsh-b Firmware | < 1.18 | - | Affected | in | Elecom | Wrc-x1800gsh-b | - | - | Safe |
Elecom | Wrc-x1800gsa-b Firmware | < 1.18 | - | Affected | in | Elecom | Wrc-x1800gsa-b | - | - | Safe |
Elecom | Wrc-x6000xs-g Firmware | 1.09 | - | Affected | in | Elecom | Wrc-x6000xs-g | - | - | Safe |
Elecom | Wrc-x6000xst-g Firmware | < 1.14 | - | Affected | in | Elecom | Wrc-x6000xst-g | - | - | Safe |