Filtered by vendor Elecom
Subscribe
Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40883 | 1 Elecom | 12 Wrc-2533gs2-b, Wrc-2533gs2-b Firmware, Wrc-2533gs2-w and 9 more | 2024-09-26 | N/A | 8.8 HIGH |
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. | |||||
CVE-2023-40072 | 1 Elecom | 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more | 2024-09-09 | N/A | 8.8 HIGH |
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | |||||
CVE-2024-34577 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2024-09-03 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | |||||
CVE-2024-39300 | 1 Elecom | 2 Wab-i1750-ps, Wab-i1750-ps Firmware | 2024-09-03 | N/A | 3.7 LOW |
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. | |||||
CVE-2024-42412 | 1 Elecom | 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more | 2024-09-03 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | |||||
CVE-2024-22372 | 1 Elecom | 10 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 7 more | 2024-08-01 | N/A | 6.8 MEDIUM |
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | |||||
CVE-2023-49695 | 1 Elecom | 6 Wrc-x3000gs, Wrc-x3000gs Firmware, Wrc-x3000gsa and 3 more | 2024-02-05 | N/A | 6.8 MEDIUM |
OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | |||||
CVE-2023-43757 | 1 Elecom | 68 Lan-w300n\/p, Lan-w300n\/p Firmware, Lan-w300n\/rs and 65 more | 2024-02-05 | N/A | 6.5 MEDIUM |
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | |||||
CVE-2023-43752 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2024-02-05 | N/A | 8.0 HIGH |
OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | |||||
CVE-2023-37561 | 1 Elecom | 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more | 2024-02-05 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | |||||
CVE-2023-37568 | 1 Elecom | 4 Wrc-1167gebk-s, Wrc-1167gebk-s Firmware, Wrc-1167ghbk-s and 1 more | 2024-02-05 | N/A | 8.0 HIGH |
ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | |||||
CVE-2023-37567 | 1 Elecom | 2 Wrc-1167ghbk3-a, Wrc-1167ghbk3-a Firmware | 2024-02-05 | N/A | 9.8 CRITICAL |
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. | |||||
CVE-2023-37565 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-02-05 | N/A | 8.0 HIGH |
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. | |||||
CVE-2023-37560 | 1 Elecom | 4 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 1 more | 2024-02-05 | N/A | 6.1 MEDIUM |
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | |||||
CVE-2023-37562 | 1 Elecom | 4 Wtc-c1167gc-b, Wtc-c1167gc-b Firmware, Wtc-c1167gc-w and 1 more | 2024-02-05 | N/A | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. | |||||
CVE-2023-37563 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-02-05 | N/A | 6.5 MEDIUM |
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. | |||||
CVE-2023-37564 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-02-05 | N/A | 8.0 HIGH |
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. | |||||
CVE-2023-37566 | 1 Elecom | 4 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167ghbk3-a and 1 more | 2024-02-05 | N/A | 8.0 HIGH |
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. | |||||
CVE-2023-22282 | 2 Elecom, Microsoft | 2 Wab-mat, Windows | 2024-02-04 | N/A | 7.3 HIGH |
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | |||||
CVE-2023-22368 | 2 Elecom, Microsoft | 3 Camera Assistant, Quickfiledealer, Windows | 2024-02-04 | N/A | 7.8 HIGH |
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |