Vulnerabilities (CVE)

Filtered by vendor Elecom Subscribe
Total 58 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37561 1 Elecom 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more 2024-02-28 N/A 6.1 MEDIUM
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.
CVE-2023-37567 1 Elecom 2 Wrc-1167ghbk3-a, Wrc-1167ghbk3-a Firmware 2024-02-28 N/A 9.8 CRITICAL
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
CVE-2023-39454 1 Elecom 6 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 3 more 2024-02-28 N/A 9.8 CRITICAL
Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code.
CVE-2023-37565 1 Elecom 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more 2024-02-28 N/A 8.0 HIGH
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
CVE-2023-39455 1 Elecom 14 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 11 more 2024-02-28 N/A 8.8 HIGH
OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.
CVE-2023-37568 1 Elecom 4 Wrc-1167gebk-s, Wrc-1167gebk-s Firmware, Wrc-1167ghbk-s and 1 more 2024-02-28 N/A 8.0 HIGH
ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.
CVE-2023-37566 1 Elecom 4 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167ghbk3-a and 1 more 2024-02-28 N/A 8.0 HIGH
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
CVE-2023-37562 1 Elecom 4 Wtc-c1167gc-b, Wtc-c1167gc-b Firmware, Wtc-c1167gc-w and 1 more 2024-02-28 N/A 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.
CVE-2023-22282 2 Elecom, Microsoft 2 Wab-mat, Windows 2024-02-28 N/A 7.3 HIGH
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.
CVE-2023-22368 2 Elecom, Microsoft 3 Camera Assistant, Quickfiledealer, Windows 2024-02-28 N/A 7.8 HIGH
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2022-25915 1 Elecom 46 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wmc-2hc-w and 43 more 2024-02-28 5.8 MEDIUM 8.8 HIGH
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.
CVE-2022-21173 1 Elecom 16 Wrh-300bk3, Wrh-300bk3-s, Wrh-300bk3-s Firmware and 13 more 2024-02-28 8.3 HIGH 8.8 HIGH
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.
CVE-2021-20861 1 Elecom 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more 2024-02-28 5.8 MEDIUM 8.8 HIGH
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.
CVE-2021-20859 1 Elecom 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more 2024-02-28 7.7 HIGH 8.0 HIGH
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors.
CVE-2022-21799 1 Elecom 2 Wrc-300febk-r, Wrc-300febk-r Firmware 2024-02-28 2.9 LOW 5.2 MEDIUM
Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors.
CVE-2021-20864 1 Elecom 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more 2024-02-28 8.3 HIGH 8.8 HIGH
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors.
CVE-2021-20852 1 Elecom 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more 2024-02-28 5.2 MEDIUM 6.8 MEDIUM
Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors.
CVE-2021-20855 1 Elecom 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20860 1 Elecom 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.
CVE-2021-20856 1 Elecom 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.