Vulnerabilities > Elecom

DATE CVE VULNERABILITY TITLE RISK
2022-03-31 CVE-2022-25915 Improper Authentication vulnerability in Elecom products
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.
low complexity
elecom CWE-287
5.8
2022-02-08 CVE-2022-21173 OS Command Injection vulnerability in Elecom products
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.
low complexity
elecom CWE-78
8.3
2022-02-08 CVE-2022-21799 Cross-site Scripting vulnerability in Elecom Wrc-300Febk-R Firmware
Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors.
2.9
2021-12-01 CVE-2021-20852 Classic Buffer Overflow vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware
Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors.
low complexity
elecom CWE-120
5.2
2021-12-01 CVE-2021-20853 OS Command Injection vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware
ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors.
low complexity
elecom CWE-78
5.2
2021-12-01 CVE-2021-20854 OS Command Injection vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware
ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors.
low complexity
elecom CWE-78
5.2
2021-12-01 CVE-2021-20855 Cross-site Scripting vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
elecom CWE-79
3.5
2021-12-01 CVE-2021-20856 Cross-site Scripting vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
elecom CWE-79
3.5
2021-12-01 CVE-2021-20857 Cross-site Scripting vulnerability in Elecom Wrc-2533Ghbk-I Firmware
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
elecom CWE-79
3.5
2021-12-01 CVE-2021-20858 Cross-site Scripting vulnerability in Elecom Wrc-2533Ghbk-I Firmware
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
network
elecom CWE-79
3.5