Vulnerabilities (CVE)

Filtered by vendor Elecom Subscribe
Total 58 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37563 1 Elecom 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more 2024-11-06 N/A 6.5 MEDIUM
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
CVE-2024-42412 1 Elecom 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more 2024-10-27 N/A 6.1 MEDIUM
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
CVE-2024-40883 1 Elecom 12 Wrc-2533gs2-b, Wrc-2533gs2-b Firmware, Wrc-2533gs2-w and 9 more 2024-10-27 N/A 8.8 HIGH
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
CVE-2024-43689 1 Elecom 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more 2024-10-24 N/A 9.8 CRITICAL
Stack-based buffer overflow vulnerability exists in WAB-I1750-PS and WAB-S1167-PS. By processing a specially crafted HTTP request, arbitrary code may be executed.
CVE-2023-35991 1 Elecom 14 Lan-w300n\/dr, Lan-w300n\/dr Firmware, Lan-w300n\/p and 11 more 2024-10-21 N/A 9.8 CRITICAL
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
CVE-2023-49695 1 Elecom 6 Wrc-x3000gs, Wrc-x3000gs Firmware, Wrc-x3000gsa and 3 more 2024-10-08 N/A 6.8 MEDIUM
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.
CVE-2023-40069 1 Elecom 10 Wrc-1167ghbk2, Wrc-1167ghbk2 Firmware, Wrc-1750ghbk and 7 more 2024-10-08 N/A 9.8 CRITICAL
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.
CVE-2023-39445 1 Elecom 14 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 11 more 2024-10-08 N/A 8.8 HIGH
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.
CVE-2023-38576 1 Elecom 2 Lan-wh300n\/re, Lan-wh300n\/re Firmware 2024-10-08 N/A 8.0 HIGH
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console.
CVE-2023-38132 1 Elecom 2 Lan-w451ngr, Lan-w451ngr Firmware 2024-10-08 N/A 8.8 HIGH
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.
CVE-2023-32626 1 Elecom 4 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 1 more 2024-10-08 N/A 9.8 CRITICAL
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
CVE-2023-40072 1 Elecom 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more 2024-09-09 N/A 8.8 HIGH
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
CVE-2024-34577 1 Elecom 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more 2024-09-03 N/A 6.1 MEDIUM
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
CVE-2024-39300 1 Elecom 2 Wab-i1750-ps, Wab-i1750-ps Firmware 2024-09-03 N/A 3.7 LOW
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.
CVE-2024-22372 1 Elecom 10 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 7 more 2024-08-01 N/A 6.8 MEDIUM
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
CVE-2023-43752 1 Elecom 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more 2024-02-28 N/A 8.0 HIGH
OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.
CVE-2023-43757 1 Elecom 68 Lan-w300n\/p, Lan-w300n\/p Firmware, Lan-w300n\/rs and 65 more 2024-02-28 N/A 6.5 MEDIUM
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.
CVE-2023-37560 1 Elecom 4 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 1 more 2024-02-28 N/A 6.1 MEDIUM
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
CVE-2023-39944 1 Elecom 4 Wrc-1750ghbk, Wrc-1750ghbk Firmware, Wrc-f1167acf and 1 more 2024-02-28 N/A 8.8 HIGH
OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
CVE-2023-37564 1 Elecom 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more 2024-02-28 N/A 8.0 HIGH
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.