Vulnerabilities > Elecom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-30 | CVE-2024-34577 | Cross-site Scripting vulnerability in Elecom products Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. | 6.1 |
| 2024-08-30 | CVE-2024-42412 | Cross-site Scripting vulnerability in Elecom Wab-I1750-Ps Firmware and Wab-S1167-Ps Firmware Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. | 6.1 |
| 2024-01-24 | CVE-2024-22372 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | 6.8 |
| 2023-12-12 | CVE-2023-49695 | OS Command Injection vulnerability in Elecom products OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | 6.8 |
| 2023-11-16 | CVE-2023-43757 | Inadequate Encryption Strength vulnerability in Elecom products Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. | 6.5 |
| 2023-07-13 | CVE-2023-37563 | Unspecified vulnerability in Elecom products ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. low complexity elecom | 6.5 |
| 2023-07-13 | CVE-2023-37560 | Cross-site Scripting vulnerability in Elecom Wrh-300Wh-H Firmware and Wtc-300Hwh Firmware Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 |
| 2023-07-13 | CVE-2023-37561 | Open Redirect vulnerability in Elecom products Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
| 2021-12-01 | CVE-2021-20852 | Classic Buffer Overflow vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. | 5.2 |
| 2021-12-01 | CVE-2021-20853 | OS Command Injection vulnerability in Elecom Wrh-733Gbk Firmware and Wrh-733Gwh Firmware ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | 5.2 |