Vulnerabilities > Elecom
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-07 | CVE-2021-20738 | Unspecified vulnerability in Elecom products WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. low complexity elecom | 3.3 |
2021-07-07 | CVE-2021-20739 | OS Command Injection vulnerability in Elecom products WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. | 5.8 |
2021-02-12 | CVE-2021-20651 | Path Traversal vulnerability in Elecom File Manager Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors. | 6.4 |
2021-02-12 | CVE-2021-20650 | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Ncc-Ewf100Rmwh2 Firmware Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. | 4.3 |
2021-02-12 | CVE-2021-20649 | Improper Certificate Validation vulnerability in Elecom Wrc-300Febk-S Firmware ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. | 5.8 |
2021-02-12 | CVE-2021-20648 | OS Command Injection vulnerability in Elecom Wrc-300Febk-S Firmware ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | 7.7 |
2021-02-12 | CVE-2021-20647 | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wrc-300Febk-S Firmware Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. | 4.3 |
2021-02-12 | CVE-2021-20646 | Cross-Site Request Forgery (CSRF) vulnerability in Elecom Wrc-300Febk-A Firmware Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. | 4.3 |
2021-02-12 | CVE-2021-20645 | Cross-site Scripting vulnerability in Elecom Wrc-300Febk-A Firmware Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | 4.3 |
2021-02-12 | CVE-2021-20644 | Injection vulnerability in Elecom Wrc-1467Ghbk-A Firmware ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | 4.3 |