Vulnerabilities > Elecom
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-21 | CVE-2024-43689 | Out-of-bounds Write vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. | 9.8 |
2024-08-30 | CVE-2024-34577 | Cross-site Scripting vulnerability in Elecom products Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. | 6.1 |
2024-08-30 | CVE-2024-39300 | Missing Authentication for Critical Function vulnerability in Elecom Wab-I1750-Ps Firmware Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. | 3.7 |
2024-08-30 | CVE-2024-42412 | Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. | 6.1 |
2024-08-01 | CVE-2024-40883 | Cross-Site Request Forgery (CSRF) vulnerability in Elecom products Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. | 8.8 |
2024-01-24 | CVE-2024-22372 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | 6.8 |
2023-12-12 | CVE-2023-49695 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | 6.8 |
2023-11-16 | CVE-2023-43752 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 8.0 |
2023-11-16 | CVE-2023-43757 | Inadequate Encryption Strength vulnerability in Elecom products Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. | 6.5 |
2023-08-18 | CVE-2023-32626 | Unspecified vulnerability in Elecom Lan-W300N/Pr5 Firmware and Lan-W300N/Rs Firmware Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | 9.8 |