Search
Find a vulnerability
Search criteria
6 vulnerabilities found for WMC-X1800GST2-B by ELECOM CO.,LTD.
CVE-2024-25579 (GCVE-0-2024-25579)
Vulnerability from nvd – Published: 2024-02-28 23:08 – Updated: 2026-02-03 07:57
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
Severity
6.8 (Medium)
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GS2-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GS2H-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-W |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2V-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.41 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-1167gs2-b_firmware |
Affected:
0 , ≤ 1.67
(custom)
cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gs2h-b_firmware |
Affected:
0 , ≤ 1.67
(custom)
cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-b_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-w_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2v-b_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
0 , ≤ 1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wmc-x1800gst-b_firmware |
Affected:
0 , ≤ 1.41
(custom)
cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gst2_firmware |
Affected:
0 , ≤ 1.32
(custom)
cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gst2_firmware |
Affected:
0 , ≤ 1.30
(custom)
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99444194/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2h-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2v-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wmc-x1800gst-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gst2_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gst2_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T16:04:56.890317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:10:28.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GS2H-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2V-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T07:57:43.515Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99444194/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-25579",
"datePublished": "2024-02-28T23:08:49.598Z",
"dateReserved": "2024-02-15T01:25:08.855Z",
"dateUpdated": "2026-02-03T07:57:43.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39454 (GCVE-0-2023-39454)
Vulnerability from nvd – Published: 2023-08-18 09:41 – Updated: 2026-05-12 08:10
VLAI
Summary
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3A-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-x1800gs-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsa-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsh-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsa-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsh-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:02:33.925181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:02:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X3000GS3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WRC-X3000GS3A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:42.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39454",
"datePublished": "2023-08-18T09:41:14.665Z",
"dateReserved": "2023-08-09T11:55:02.234Z",
"dateUpdated": "2026-05-12T08:10:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25579 (GCVE-0-2024-25579)
Vulnerability from cvelistv5 – Published: 2024-02-28 23:08 – Updated: 2026-02-03 07:57
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
Severity
6.8 (Medium)
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GS2-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GS2H-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-W |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2V-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.41 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-1167gs2-b_firmware |
Affected:
0 , ≤ 1.67
(custom)
cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gs2h-b_firmware |
Affected:
0 , ≤ 1.67
(custom)
cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-b_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-w_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2v-b_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
0 , ≤ 1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wmc-x1800gst-b_firmware |
Affected:
0 , ≤ 1.41
(custom)
cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gst2_firmware |
Affected:
0 , ≤ 1.32
(custom)
cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gst2_firmware |
Affected:
0 , ≤ 1.30
(custom)
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99444194/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2h-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2v-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wmc-x1800gst-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gst2_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gst2_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T16:04:56.890317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:10:28.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GS2H-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2V-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T07:57:43.515Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99444194/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-25579",
"datePublished": "2024-02-28T23:08:49.598Z",
"dateReserved": "2024-02-15T01:25:08.855Z",
"dateUpdated": "2026-02-03T07:57:43.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39454 (GCVE-0-2023-39454)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:41 – Updated: 2026-05-12 08:10
VLAI
Summary
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3A-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-x1800gs-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsa-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsh-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsa-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsh-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:02:33.925181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:02:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X3000GS3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WRC-X3000GS3A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:42.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39454",
"datePublished": "2023-08-18T09:41:14.665Z",
"dateReserved": "2023-08-09T11:55:02.234Z",
"dateUpdated": "2026-05-12T08:10:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
JVNDB-2024-002831
Vulnerability from jvndb - Published: 2024-02-22 08:15 - Updated:2026-02-04 12:02
Severity
Summary
ELECOM wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002831.html",
"dc:date": "2026-02-04T12:02+09:00",
"dcterms:issued": "2024-02-22T08:15+09:00",
"dcterms:modified": "2026-02-04T12:02+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002831.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-2lx2-b",
"@product": "WMC-2LX2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst2-b",
"@product": "WMC-X1800GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs2-b",
"@product": "WSC-X1800GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-002831",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99444194/index.html",
"@id": "JVNVU#99444194",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25579",
"@id": "CVE-2024-25579",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "ELECOM wireless LAN routers vulnerable to OS command injection"
}
JVNDB-2023-002797
Vulnerability from jvndb - Published: 2023-08-15 11:54 - Updated:2026-05-15 19:42
Severity
Summary
Multiple vulnerabilities in ELECOM and LOGITEC network devices
Details
Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
* Telnet service access restriction failure (CWE-284) - CVE-2023-38132
* Hidden Functionality (CWE-912) - CVE-2023-38576
* Buffer overflow (CWE-120) - CVE-2023-39454
* OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
* OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
"dc:date": "2026-05-15T19:42+09:00",
"dcterms:issued": "2023-08-15T11:54+09:00",
"dcterms:modified": "2026-05-15T19:42+09:00",
"description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n * Buffer overflow (CWE-120) - CVE-2023-39454\r\n * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
"sec:cpe": [
{
"#text": "cpe:/a:elecom:wab-i1750-ps",
"@product": "WAB-I1750-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:elecom:wab-s1167-ps",
"@product": "WAB-S1167-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-m1775-ps",
"@product": "WAB-M1775-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-m2133",
"@product": "WAB-M2133",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s1167",
"@product": "WAB-S1167",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s1775",
"@product": "WAB-S1775",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s300_firmware",
"@product": "WAB-S300",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s600-ps_firmware",
"@product": "WAB-S600-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2lx-b",
"@product": "WMC-2LX-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2lx2-b",
"@product": "WMC-2LX2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst2-b",
"@product": "WMC-X1800GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk2",
"@product": "WRC-1167GHBK2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
"@product": "WRC-1467GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware",
"@product": "WRC-1467GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk",
"@product": "WRC-1750GHBK",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk-e",
"@product": "WRC-1750GHBK-E",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk2-i",
"@product": "WRC-1750GHBK2-I",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
"@product": "WRC-1900GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware",
"@product": "WRC-1900GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
"@product": "WRC-600GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
"@product": "WRC-733FEBK2-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf",
"@product": "WRC-F1167ACF",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
"@product": "WRC-F1167ACF2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs3-b",
"@product": "WRC-X3000GS3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs3a-b",
"@product": "WRC-X3000GS3A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs-b",
"@product": "WSC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs2-b",
"@product": "WSC-X1800GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware",
"@product": "LAN-W300N/DR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware",
"@product": "LAN-W300N/PR5",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w451ngr_firmware",
"@product": "LAN-W451NGR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware",
"@product": "LAN-WH300AN/DGP",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300andgpe_firmware",
"@product": "LAN-WH300ANDGPE",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware",
"@product": "LAN-WH300N/DR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware",
"@product": "LAN-WH300N/RE",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware",
"@product": "LAN-WH450N/GP",
"@vendor": "Logitec Corp.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-002797",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html",
"@id": "JVNVU#91630351",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626",
"@id": "CVE-2023-32626",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991",
"@id": "CVE-2023-35991",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132",
"@id": "CVE-2023-38132",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576",
"@id": "CVE-2023-38576",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445",
"@id": "CVE-2023-39445",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454",
"@id": "CVE-2023-39454",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455",
"@id": "CVE-2023-39455",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944",
"@id": "CVE-2023-39944",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069",
"@id": "CVE-2023-40069",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072",
"@id": "CVE-2023-40072",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626",
"@id": "CVE-2023-32626",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991",
"@id": "CVE-2023-35991",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132",
"@id": "CVE-2023-38132",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576",
"@id": "CVE-2023-38576",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445",
"@id": "CVE-2023-39445",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454",
"@id": "CVE-2023-39454",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455",
"@id": "CVE-2023-39455",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944",
"@id": "CVE-2023-39944",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069",
"@id": "CVE-2023-40069",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40072",
"@id": "CVE-2023-40072",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/120.html",
"@id": "CWE-120",
"@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/912.html",
"@id": "CWE-912",
"@title": "Hidden Functionality(CWE-912)"
}
],
"title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices"
}