Filtered by vendor Elecom
Subscribe
Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20651 | 1 Elecom | 1 File Manager | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an existing file in a directory which can be accessed with the application privileges via unspecified vectors. | |||||
CVE-2021-20645 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2024-02-04 | 4.3 MEDIUM | 5.4 MEDIUM |
Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||
CVE-2021-20649 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-02-04 | 5.8 MEDIUM | 4.8 MEDIUM |
ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. | |||||
CVE-2021-20648 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-02-04 | 7.7 HIGH | 6.8 MEDIUM |
ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2021-20647 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
CVE-2021-20644 | 1 Elecom | 2 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | |||||
CVE-2021-20646 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
CVE-2021-20650 | 1 Elecom | 2 Ncc-ewf100rmwh2, Ncc-ewf100rmwh2 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. |