Vulnerabilities > Elecom

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-34577 Cross-site Scripting vulnerability in Elecom products
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi.
network
low complexity
elecom CWE-79
6.1
2024-08-30 CVE-2024-39300 Missing Authentication for Critical Function vulnerability in Elecom Wab-I1750-Ps Firmware
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier.
network
high complexity
elecom CWE-306
3.7
2024-08-30 CVE-2024-42412 Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi.
network
low complexity
elecom CWE-79
6.1
2024-08-01 CVE-2024-40883 Cross-Site Request Forgery (CSRF) vulnerability in Elecom products
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers.
network
low complexity
elecom CWE-352
8.8
2024-01-24 CVE-2024-22372 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
low complexity
elecom CWE-78
6.8
2023-12-12 CVE-2023-49695 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.
low complexity
elecom CWE-78
6.8
2023-11-16 CVE-2023-43752 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.
low complexity
elecom CWE-78
8.0
2023-11-16 CVE-2023-43757 Inadequate Encryption Strength vulnerability in Elecom products
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD.
low complexity
elecom CWE-326
6.5
2023-08-18 CVE-2023-32626 Unspecified vulnerability in Elecom Lan-W300N/Pr5 Firmware and Lan-W300N/Rs Firmware
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
network
low complexity
elecom
critical
9.8
2023-08-18 CVE-2023-35991 Unspecified vulnerability in Elecom products
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
network
low complexity
elecom
critical
9.8