Vulnerabilities > Elecom

DATE CVE VULNERABILITY TITLE RISK
2023-08-18 CVE-2023-39455 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
network
low complexity
elecom CWE-78
8.8
2023-08-18 CVE-2023-39944 OS Command Injection vulnerability in Elecom Wrc-1750Ghbk Firmware and Wrc-F1167Acf Firmware
OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
network
low complexity
elecom CWE-78
8.8
2023-08-18 CVE-2023-40069 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
network
low complexity
elecom CWE-78
critical
9.8
2023-08-18 CVE-2023-40072 OS Command Injection vulnerability in Elecom Wab-S300 Firmware and Wab-S600-Ps Firmware
OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
network
low complexity
elecom CWE-78
8.8
2023-07-13 CVE-2023-37564 OS Command Injection vulnerability in Elecom products
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request.
low complexity
elecom CWE-78
8.0
2023-07-13 CVE-2023-37565 Code Injection vulnerability in Elecom products
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request.
low complexity
elecom CWE-94
8.0
2023-07-13 CVE-2023-37562 Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wtc-C1167Gc-B Firmware and Wtc-C1167Gc-W Firmware
Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.
network
low complexity
elecom CWE-352
8.8
2023-07-13 CVE-2023-37563 Unspecified vulnerability in Elecom products
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information.
low complexity
elecom
6.5
2023-07-13 CVE-2023-37560 Cross-site Scripting vulnerability in Elecom Wrh-300Wh-H Firmware and Wtc-300Hwh Firmware
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
network
low complexity
elecom CWE-79
6.1
2023-07-13 CVE-2023-37561 Open Redirect vulnerability in Elecom products
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
network
low complexity
elecom CWE-601
6.1