Vulnerabilities > Elecom

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-43689 Out-of-bounds Write vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points.
network
low complexity
elecom CWE-787
critical
9.8
2024-08-30 CVE-2024-34577 Cross-site Scripting vulnerability in Elecom products
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi.
network
low complexity
elecom CWE-79
6.1
2024-08-30 CVE-2024-39300 Missing Authentication for Critical Function vulnerability in Elecom Wab-I1750-Ps Firmware
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier.
network
high complexity
elecom CWE-306
3.7
2024-08-30 CVE-2024-42412 Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware
Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi.
network
low complexity
elecom CWE-79
6.1
2024-08-01 CVE-2024-40883 Cross-Site Request Forgery (CSRF) vulnerability in Elecom products
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers.
network
low complexity
elecom CWE-352
8.8
2024-01-24 CVE-2024-22372 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
low complexity
elecom CWE-78
6.8
2023-12-12 CVE-2023-49695 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.
low complexity
elecom CWE-78
6.8
2023-11-16 CVE-2023-43752 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.
low complexity
elecom CWE-78
8.0
2023-11-16 CVE-2023-43757 Inadequate Encryption Strength vulnerability in Elecom products
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD.
low complexity
elecom CWE-326
6.5
2023-08-18 CVE-2023-32626 Unspecified vulnerability in Elecom Lan-W300N/Pr5 Firmware and Lan-W300N/Rs Firmware
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
network
low complexity
elecom
critical
9.8