Vulnerabilities > Elecom
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-18 | CVE-2023-40072 | OS Command Injection vulnerability in Elecom Wab-S300 Firmware and Wab-S600-Ps Firmware OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 8.8 |
| 2023-07-13 | CVE-2023-37564 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. | 8.0 |
| 2023-07-13 | CVE-2023-37565 | Code Injection vulnerability in Elecom products Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. | 8.0 |
| 2023-07-13 | CVE-2023-37562 | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wtc-C1167Gc-B Firmware and Wtc-C1167Gc-W Firmware Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | 8.8 |
| 2023-07-13 | CVE-2023-37563 | Unspecified vulnerability in Elecom products ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. low complexity elecom | 6.5 |
| 2023-07-13 | CVE-2023-37560 | Cross-site Scripting vulnerability in Elecom Wrh-300Wh-H Firmware and Wtc-300Hwh Firmware Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 |
| 2023-07-13 | CVE-2023-37561 | Open Redirect vulnerability in Elecom products Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
| 2023-07-13 | CVE-2023-37566 | Command Injection vulnerability in Elecom Wrc-1167Febk-A Firmware and Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |
| 2023-07-13 | CVE-2023-37567 | Command Injection vulnerability in Elecom Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. | 9.8 |
| 2023-07-13 | CVE-2023-37568 | Command Injection vulnerability in Elecom Wrc-1167Gebk-S Firmware and Wrc-1167Ghbk-S Firmware ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |