Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for WRC-1167GS2-B by ELECOM CO.,LTD.

    JVNDB-2025-000041

    Vulnerability from jvndb - Published: 2025-06-24 14:50 - Updated:2026-02-03 15:35
    Severity
    Summary
    Multiple vulnerabilities in ELECOM wireless LAN routers
    Details
    Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
    • Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-36519
    • OS command injection in Connection Diagnostics page (CWE-78) - CVE-2025-41427
    • Stored cross-site scripting in WebGUI (CWE-79) - CVE-2025-43877
    • OS command injection in the telnet function (CWE-78) - CVE-2025-43879
    • OS command injection in miniigd SOAP service (CWE-78) - CVE-2025-48890
    CVE-2025-36519 Tien Phan reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2025-41427 Yoshiki Yuzawa of IssueHunt, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2025-43877 Kawauchi Manami of NEC Fielding,Ltd. and Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2025-43879, CVE-2025-48890 Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000041.html",
      "dc:date": "2026-02-03T15:35+09:00",
      "dcterms:issued": "2025-06-24T14:50+09:00",
      "dcterms:modified": "2026-02-03T15:35+09:00",
      "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eUnrestricted upload of file with dangerous type (CWE-434) - CVE-2025-36519\u003c/li\u003e\r\n\u003cli\u003eOS command injection in Connection Diagnostics page (CWE-78) - CVE-2025-41427\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting in WebGUI (CWE-79) - CVE-2025-43877\u003c/li\u003e\r\n\u003cli\u003eOS command injection in the telnet function (CWE-78) - CVE-2025-43879\u003c/li\u003e\r\n\u003cli\u003eOS command injection in miniigd SOAP service (CWE-78) - CVE-2025-48890\u003c/li\u003e\r\n\u003c/ul\u003e\r\nCVE-2025-36519\r\nTien Phan reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2025-41427\r\nYoshiki Yuzawa of IssueHunt, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-43877\r\nKawauchi Manami of NEC Fielding,Ltd. and Toyama Taku of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-43879, CVE-2025-48890\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000041.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk2-s",
          "@product": "WRC-1167GHBK2-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
          "@product": "WRC-1167GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
          "@product": "WRC-2533GS2V-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
          "@product": "WRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gsa_firmware",
          "@product": "WRC-X3000GSA firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gsn_firmware",
          "@product": "WRC-X3000GSN firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs_firmware",
          "@product": "WRC-X3000GS firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-733gbk_firmware",
          "@product": "WRH-733GBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-733gwh_firmware",
          "@product": "WRH-733GWH firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000041",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN39435597/index.html",
          "@id": "JVN#39435597",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-36519",
          "@id": "CVE-2025-36519",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-41427",
          "@id": "CVE-2025-41427",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-43877",
          "@id": "CVE-2025-43877",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-43879",
          "@id": "CVE-2025-43879",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-48890",
          "@id": "CVE-2025-48890",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
    }

    JVNDB-2024-000078

    Vulnerability from jvndb - Published: 2024-07-30 15:34 - Updated:2026-05-14 18:19
    Severity
    Summary
    Multiple vulnerabilities in ELECOM wireless LAN routers
    Details
    Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type (CWE-434) CVE-2024-34021 OS Command Injection (CWE-78) CVE-2024-39607 Cross-Site Request Forgery (CWE-352) CVE-2024-40883 CVE-2024-34021 Toyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-39607, CVE-2024-40883 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
      "dc:date": "2026-05-14T18:19+09:00",
      "dcterms:issued": "2024-07-30T15:34+09:00",
      "dcterms:modified": "2026-05-14T18:19+09:00",
      "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nUnrestricted Upload of File with Dangerous Type (CWE-434)\r\nCVE-2024-34021\r\nOS Command Injection (CWE-78)\r\nCVE-2024-39607\r\nCross-Site Request Forgery (CWE-352)\r\nCVE-2024-40883\r\n\r\nCVE-2024-34021\r\nToyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39607, CVE-2024-40883\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wmc-2lx-b",
          "@product": "WMC-2LX-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst-b",
          "@product": "WMC-X1800GST-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2",
          "@product": "WRC-1167GST2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
          "@product": "WRC-2533GS2V-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2",
          "@product": "WRC-2533GST2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-g01-w",
          "@product": "WRC-G01-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GS-B",
          "@product": "WRC-X1500GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
          "@product": "WRC-X1500GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
          "@product": "WRC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
          "@product": "WRC-X1800GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
          "@product": "WRC-X1800GSH-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-b",
          "@product": "WRC-X3000GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-w",
          "@product": "WRC-X3000GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
          "@product": "WRC-X3000GS2A-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gst2-b",
          "@product": "WRC-X3000GST2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3200gst3-b",
          "@product": "WRC-X3200GST3-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qs-g",
          "@product": "WRC-X6000QS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
          "@product": "WRC-X6000QSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
          "@product": "WRC-X6000XS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
          "@product": "WRC-X6000XST-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gs-g",
          "@product": "WRC-XE5400GS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
          "@product": "WRC-XE5400GSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000078",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN06672778/",
          "@id": "JVN#06672778",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34021",
          "@id": "CVE-2024-34021",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39607",
          "@id": "CVE-2024-39607",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-40883",
          "@id": "CVE-2024-40883",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
    }

    JVNDB-2024-002831

    Vulnerability from jvndb - Published: 2024-02-22 08:15 - Updated:2026-02-04 12:02

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002831.html",
      "dc:date": "2026-02-04T12:02+09:00",
      "dcterms:issued": "2024-02-22T08:15+09:00",
      "dcterms:modified": "2026-02-04T12:02+09:00",
      "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002831.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wmc-2lx2-b",
          "@product": "WMC-2LX2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst-b",
          "@product": "WMC-X1800GST-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst2-b",
          "@product": "WMC-X1800GST2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
          "@product": "WRC-1167GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
          "@product": "WRC-2533GS2V-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
          "@product": "WRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-g01-w",
          "@product": "WRC-G01-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3200gst3-b",
          "@product": "WRC-X3200GST3-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wsc-x1800gs2-b",
          "@product": "WSC-X1800GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.2",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-002831",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU99444194/index.html",
          "@id": "JVNVU#99444194",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-25579",
          "@id": "CVE-2024-25579",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "ELECOM wireless LAN routers vulnerable to OS command injection"
    }

    JVNDB-2024-000020

    Vulnerability from jvndb - Published: 2024-02-20 14:14 - Updated:2024-11-26 15:26
    Severity
    Summary
    Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
    Details
    Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
    • Cross-site Scripting (CWE-79) - CVE-2024-21798
    • Cross-Site Request Forgery (CWE-352) - CVE-2024-23910
    CVE-2024-21798 Yamaguchi Kakeru of Fujitsu Limited reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-23910 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000020.html",
      "dc:date": "2024-11-26T15:26+09:00",
      "dcterms:issued": "2024-02-20T14:14+09:00",
      "dcterms:modified": "2024-11-26T15:26+09:00",
      "description": "Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eCross-site Scripting (CWE-79) - CVE-2024-21798\u003c/li\u003e\r\n\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2024-23910\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2024-21798\r\nYamaguchi Kakeru of Fujitsu Limited reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23910\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000020.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst-b",
          "@product": "WMC-X1800GST-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
          "@product": "WRC-1167GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
          "@product": "WRC-2533GS2V-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
          "@product": "WRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-g01-w",
          "@product": "WRC-G01-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3200gst3-b",
          "@product": "WRC-X3200GST3-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wsc-x1800gs-b",
          "@product": "WSC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "3.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "4.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000020",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN44166658/index.html",
          "@id": "JVN#44166658",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21798",
          "@id": "CVE-2024-21798",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-23910",
          "@id": "CVE-2024-23910",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater"
    }

    JVNDB-2021-004912

    Vulnerability from jvndb - Published: 2021-12-02 17:16 - Updated:2022-03-30 16:11
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM routers
    Details
    Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20862 * OS command injection (CWE-78) - CVE-2021-20863 * Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20864 Chuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-004912.html",
      "dc:date": "2022-03-30T16:11+09:00",
      "dcterms:issued": "2021-12-02T17:16+09:00",
      "dcterms:modified": "2022-03-30T16:11+09:00",
      "description": "Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n  * Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20862\r\n\r\n  * OS command injection (CWE-78) - CVE-2021-20863\r\n\r\n  * Improper access control leading to unauthorized activation of telnet service \r\n(CWE-284) - CVE-2021-20864\r\n\r\nChuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-004912.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:edwrc-2533gst2_firmware",
          "@product": "EDWRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-2hc-w_firmware",
          "@product": "WMC-2HC-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-c2533gst-w_firmware",
          "@product": "WMC-C2533GST-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-dlgst2-w_firmware",
          "@product": "WMC-DLGST2-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-m1267gst2-w_firmware",
          "@product": "WMC-M1267GST2-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2a_firmware",
          "@product": "WRC-1167GST2A firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2h_firmware",
          "@product": "WRC-1167GST2H firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
          "@product": "WRC-1167GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750gst2_firmware",
          "@product": "WRC-1750GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750gsv_firmware",
          "@product": "WRC-1750GSV firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750gs_firmware",
          "@product": "WRC-1750GS firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900gst2sp_firmware",
          "@product": "WRC-1900GST2SP firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900gst2_firmware",
          "@product": "WRC-1900GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900gst_firmware",
          "@product": "WRC-1900GST firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2-g_firmware",
          "@product": "WRC-2533GST2-G firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2sp_firmware",
          "@product": "WRC-2533GST2SP firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
          "@product": "WRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gsta_firmware",
          "@product": "WRC-2533GSTA firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst_firmware",
          "@product": "WRC-2533GST firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.7",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-004912",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU94527926/index.html",
          "@id": "JVNVU#94527926",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20862",
          "@id": "CVE-2021-20862",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20863",
          "@id": "CVE-2021-20863",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20864",
          "@id": "CVE-2021-20864",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20862",
          "@id": "CVE-2021-20862",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20863",
          "@id": "CVE-2021-20863",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20864",
          "@id": "CVE-2021-20864",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/284.html",
          "@id": "CWE-284",
          "@title": "Improper Access Control(CWE-284)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM routers"
    }

    JVNDB-2021-000108

    Vulnerability from jvndb - Published: 2021-11-30 16:23 - Updated:2022-03-29 16:18
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM LAN routers
    Details
    Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Buffer overflow (CWE-121) - CVE-2021-20852 * OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854 * Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856 * Cross-site scripting (CWE-79) - CVE-2021-20857 * Cross-site scripting (CWE-79) - CVE-2021-20858 * OS command injection (CWE-78) - CVE-2021-20859 * Cross-site request forgery (CWE-352) - CVE-2021-20860 * Improper access control (CWE-284) - CVE-2021-20861, CVE-2022-25915 CVE-2021-20852, CVE-2021-20853, CVE-2021-20854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20855, CVE-2021-20856 Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20857, CVE-2021-20858 Imaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20859, CVE-2021-20860, CVE-2021-20861 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2022-25915 Katsuhiko Sato(a.k.a. goroh_kun) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    References
    JVN https://jvn.jp/en/jp/JVN88993473/index.html
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20852
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20853
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20854
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20855
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20856
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20857
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20858
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20859
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20860
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20861
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25915
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20852
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20853
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20854
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20855
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20856
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20857
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20858
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20859
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20860
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20861
    NVD https://nvd.nist.gov/vuln/detail/CVE-2022-25915
    Buffer Errors(CWE-119) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000108.html",
      "dc:date": "2022-03-29T16:18+09:00",
      "dcterms:issued": "2021-11-30T16:23+09:00",
      "dcterms:modified": "2022-03-29T16:18+09:00",
      "description": "Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n* Buffer overflow (CWE-121) - CVE-2021-20852\r\n* OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854\r\n* Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856\r\n* Cross-site scripting (CWE-79) - CVE-2021-20857\r\n* Cross-site scripting (CWE-79) - CVE-2021-20858\r\n* OS command injection (CWE-78) - CVE-2021-20859\r\n* Cross-site request forgery (CWE-352) - CVE-2021-20860\r\n* Improper access control (CWE-284) - CVE-2021-20861, CVE-2022-25915\r\n\r\nCVE-2021-20852, CVE-2021-20853, CVE-2021-20854\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20855, CVE-2021-20856\r\nTomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20857, CVE-2021-20858\r\nImaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20859, CVE-2021-20860, CVE-2021-20861\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-25915\r\nKatsuhiko Sato(a.k.a. goroh_kun) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000108.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:edwrc-2533gst2_firmware",
          "@product": "EDWRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-2hc-w_firmware",
          "@product": "WMC-2HC-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-c2533gst-w_firmware",
          "@product": "WMC-C2533GST-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-dlgst2-w_firmware",
          "@product": "WMC-DLGST2-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-m1267gst2-w_firmware",
          "@product": "WMC-M1267GST2-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2a_firmware",
          "@product": "WRC-1167GST2A firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2h_firmware",
          "@product": "WRC-1167GST2H firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
          "@product": "WRC-1167GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750gst2_firmware",
          "@product": "WRC-1750GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750gsv_firmware",
          "@product": "WRC-1750GSV firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750gs_firmware",
          "@product": "WRC-1750GS firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900gst2sp_firmware",
          "@product": "WRC-1900GST2SP firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900gst2_firmware",
          "@product": "WRC-1900GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900gst_firmware",
          "@product": "WRC-1900GST firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533ghbk-i_firmware",
          "@product": "WRC-2533GHBK-I firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2-g_firmware",
          "@product": "WRC-2533GST2-G firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2sp_firmware",
          "@product": "WRC-2533GST2SP firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
          "@product": "WRC-2533GST2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gsta_firmware",
          "@product": "WRC-2533GSTA firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst_firmware",
          "@product": "WRC-2533GST firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-733gbk_firmware",
          "@product": "WRH-733GBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-733gwh_firmware",
          "@product": "WRH-733GWH firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.7",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "8.0",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000108",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN88993473/index.html",
          "@id": "JVN#88993473",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20852",
          "@id": "CVE-2021-20852",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20853",
          "@id": "CVE-2021-20853",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20854",
          "@id": "CVE-2021-20854",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20855",
          "@id": "CVE-2021-20855",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20856",
          "@id": "CVE-2021-20856",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20857",
          "@id": "CVE-2021-20857",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20858",
          "@id": "CVE-2021-20858",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20859",
          "@id": "CVE-2021-20859",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20860",
          "@id": "CVE-2021-20860",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20861",
          "@id": "CVE-2021-20861",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25915",
          "@id": "CVE-2022-25915",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20852",
          "@id": "CVE-2021-20852",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20853",
          "@id": "CVE-2021-20853",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20854",
          "@id": "CVE-2021-20854",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20855",
          "@id": "CVE-2021-20855",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20856",
          "@id": "CVE-2021-20856",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20857",
          "@id": "CVE-2021-20857",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20858",
          "@id": "CVE-2021-20858",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20859",
          "@id": "CVE-2021-20859",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20860",
          "@id": "CVE-2021-20860",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20861",
          "@id": "CVE-2021-20861",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25915",
          "@id": "CVE-2022-25915",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-119",
          "@title": "Buffer Errors(CWE-119)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM LAN routers"
    }

    CVE-2025-36519 (GCVE-0-2025-36519)

    Vulnerability from nvd – Published: 2025-06-24 04:36 – Updated: 2026-02-03 07:57
    VLAI
    Summary
    Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted upload of file with dangerous type
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T15:22:17.639856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-25T12:42:58.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.31 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.34 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.69 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.69 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.69 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted upload of file with dangerous type",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T07:57:26.251Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20250624-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN39435597/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-36519",
        "datePublished": "2025-06-24T04:36:57.179Z",
        "dateReserved": "2025-06-17T00:53:00.646Z",
        "dateUpdated": "2026-02-03T07:57:26.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34021 (GCVE-0-2024-34021)

    Vulnerability from nvd – Published: 2024-08-01 01:15 – Updated: 2026-05-12 08:11
    VLAI
    Summary
    Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted upload of file with dangerous type
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.68 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.68 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.68 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.74 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.74 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.27 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.26 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-2LX-B Affected: v1.42 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.42 and earlier
    Create a notification for this product.
    elecom wrc-2533gs2v-b_firmware Affected: 0 , ≤ 1.68 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b_firmware Affected: 0 , ≤ 1.68 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w_firmware Affected: 0 , ≤ 1.68 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gst2_firmware Affected: 0 , ≤ 1.30 (custom)
        cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.68",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.68",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.68",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gst2_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T13:31:32.438360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T20:56:59.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.68 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.68 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.68 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.27 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.26 and earlier"
                }
              ]
            },
            {
              "product": "WMC-2LX-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.42 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.42 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted upload of file with dangerous type",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:11:19.282Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-34021",
        "datePublished": "2024-08-01T01:15:56.174Z",
        "dateReserved": "2024-07-26T08:52:16.452Z",
        "dateUpdated": "2026-05-12T08:11:19.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-25579 (GCVE-0-2024-25579)

    Vulnerability from nvd – Published: 2024-02-28 23:08 – Updated: 2026-02-03 07:57
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.25 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.41 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-2LX2-B Affected: v1.16
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST2-B Affected: v1.16
    Create a notification for this product.
    ELECOM CO.,LTD. WSC-X1800GS2-B Affected: v1.16
    Create a notification for this product.
    elecom wrc-1167gs2-b_firmware Affected: 0 , ≤ 1.67 (custom)
        cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gs2h-b_firmware Affected: 0 , ≤ 1.67 (custom)
        cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b_firmware Affected: 0 , ≤ 1.62 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w_firmware Affected: 0 , ≤ 1.62 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2v-b_firmware Affected: 0 , ≤ 1.62 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x3200gst3-b_firmware Affected: 0 , ≤ 1.25 (custom)
        cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-g01-w_firmware Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wmc-x1800gst-b_firmware Affected: 0 , ≤ 1.41 (custom)
        cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gst2_firmware Affected: 0 , ≤ 1.32 (custom)
        cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gst2_firmware Affected: 0 , ≤ 1.30 (custom)
        cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99444194/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2h-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x3200gst3-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-g01-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wmc-x1800gst-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gst2_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.32",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gst2_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-01T16:04:56.890317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T17:10:28.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            },
            {
              "product": "WMC-2LX2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16"
                }
              ]
            },
            {
              "product": "WMC-X1800GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16"
                }
              ]
            },
            {
              "product": "WSC-X1800GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en-US",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T07:57:43.515Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99444194/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-25579",
        "datePublished": "2024-02-28T23:08:49.598Z",
        "dateReserved": "2024-02-15T01:25:08.855Z",
        "dateUpdated": "2026-02-03T07:57:43.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23910 (GCVE-0-2024-23910)

    Vulnerability from nvd – Published: 2024-02-28 23:07 – Updated: 2025-04-22 15:54
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.25 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.41 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WSC-X1800GS-B Affected: v1.41 and earlier
    Create a notification for this product.
    elecom wrc-1167gs2-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gs2h-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2v-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x3200gst3-b_firmware Affected: elecom , < v1.25 (custom)
        cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-g01-w_firmware Affected: 0 , < v1.24 (custom)
        cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wmc-x1800gst-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wsc-x1800gs-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2h-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x3200gst3-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.25",
                    "status": "affected",
                    "version": "elecom",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-g01-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wmc-x1800gst-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wsc-x1800gs-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T20:40:19.820700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T15:54:59.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:13:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            },
            {
              "product": "WSC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:41.689Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-23910",
        "datePublished": "2024-02-28T23:07:02.324Z",
        "dateReserved": "2024-02-15T01:25:06.163Z",
        "dateUpdated": "2025-04-22T15:54:59.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21798 (GCVE-0-2024-21798)

    Vulnerability from nvd – Published: 2024-02-28 23:03 – Updated: 2024-11-26 08:07
    VLAI
    Summary
    ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21798",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T19:43:48.346433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T18:08:56.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:04.819Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-21798",
        "datePublished": "2024-02-28T23:03:39.483Z",
        "dateReserved": "2024-02-15T01:25:08.021Z",
        "dateUpdated": "2024-11-26T08:07:04.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-36519 (GCVE-0-2025-36519)

    Vulnerability from cvelistv5 – Published: 2025-06-24 04:36 – Updated: 2026-02-03 07:57
    VLAI
    Summary
    Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted upload of file with dangerous type
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-36519",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T15:22:17.639856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-25T12:42:58.499Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.31 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.34 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.69 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.69 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.69 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69 and earlier, WRC-2533GS2-W, WRC-1167GST2, WRC-1167GS2-B, and WRC-1167GS2H-B. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted upload of file with dangerous type",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T07:57:26.251Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20250624-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN39435597/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-36519",
        "datePublished": "2025-06-24T04:36:57.179Z",
        "dateReserved": "2025-06-17T00:53:00.646Z",
        "dateUpdated": "2026-02-03T07:57:26.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-34021 (GCVE-0-2024-34021)

    Vulnerability from cvelistv5 – Published: 2024-08-01 01:15 – Updated: 2026-05-12 08:11
    VLAI
    Summary
    Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted upload of file with dangerous type
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.68 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.68 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.68 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.74 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.74 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.27 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.26 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-2LX-B Affected: v1.42 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.42 and earlier
    Create a notification for this product.
    elecom wrc-2533gs2v-b_firmware Affected: 0 , ≤ 1.68 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b_firmware Affected: 0 , ≤ 1.68 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w_firmware Affected: 0 , ≤ 1.68 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gst2_firmware Affected: 0 , ≤ 1.30 (custom)
        cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.68",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.68",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.68",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gst2_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-34021",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T13:31:32.438360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-434",
                    "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-09T20:56:59.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.68 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.68 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.68 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.74 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.27 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.26 and earlier"
                }
              ]
            },
            {
              "product": "WMC-2LX-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.42 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.42 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted upload of file with dangerous type",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:11:19.282Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-34021",
        "datePublished": "2024-08-01T01:15:56.174Z",
        "dateReserved": "2024-07-26T08:52:16.452Z",
        "dateUpdated": "2026-05-12T08:11:19.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-25579 (GCVE-0-2024-25579)

    Vulnerability from cvelistv5 – Published: 2024-02-28 23:08 – Updated: 2026-02-03 07:57
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.25 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.41 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-2LX2-B Affected: v1.16
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST2-B Affected: v1.16
    Create a notification for this product.
    ELECOM CO.,LTD. WSC-X1800GS2-B Affected: v1.16
    Create a notification for this product.
    elecom wrc-1167gs2-b_firmware Affected: 0 , ≤ 1.67 (custom)
        cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gs2h-b_firmware Affected: 0 , ≤ 1.67 (custom)
        cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b_firmware Affected: 0 , ≤ 1.62 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w_firmware Affected: 0 , ≤ 1.62 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2v-b_firmware Affected: 0 , ≤ 1.62 (custom)
        cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x3200gst3-b_firmware Affected: 0 , ≤ 1.25 (custom)
        cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-g01-w_firmware Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wmc-x1800gst-b_firmware Affected: 0 , ≤ 1.41 (custom)
        cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gst2_firmware Affected: 0 , ≤ 1.32 (custom)
        cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gst2_firmware Affected: 0 , ≤ 1.30 (custom)
        cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:44:09.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU99444194/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2h-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x3200gst3-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.25",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-g01-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wmc-x1800gst-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gst2_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.32",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gst2_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.30",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25579",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-01T16:04:56.890317Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T17:10:28.400Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            },
            {
              "product": "WMC-2LX2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16"
                }
              ]
            },
            {
              "product": "WMC-X1800GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16"
                }
              ]
            },
            {
              "product": "WSC-X1800GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en-US",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T07:57:43.515Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU99444194/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-25579",
        "datePublished": "2024-02-28T23:08:49.598Z",
        "dateReserved": "2024-02-15T01:25:08.855Z",
        "dateUpdated": "2026-02-03T07:57:43.515Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23910 (GCVE-0-2024-23910)

    Vulnerability from cvelistv5 – Published: 2024-02-28 23:07 – Updated: 2025-04-22 15:54
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.25 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.41 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WSC-X1800GS-B Affected: v1.41 and earlier
    Create a notification for this product.
    elecom wrc-1167gs2-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gs2h-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2v-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x3200gst3-b_firmware Affected: elecom , < v1.25 (custom)
        cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-g01-w_firmware Affected: 0 , < v1.24 (custom)
        cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wmc-x1800gst-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wsc-x1800gs-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2h-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x3200gst3-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.25",
                    "status": "affected",
                    "version": "elecom",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-g01-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wmc-x1800gst-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wsc-x1800gs-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T20:40:19.820700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T15:54:59.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:13:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            },
            {
              "product": "WSC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:41.689Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-23910",
        "datePublished": "2024-02-28T23:07:02.324Z",
        "dateReserved": "2024-02-15T01:25:06.163Z",
        "dateUpdated": "2025-04-22T15:54:59.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21798 (GCVE-0-2024-21798)

    Vulnerability from cvelistv5 – Published: 2024-02-28 23:03 – Updated: 2024-11-26 08:07
    VLAI
    Summary
    ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21798",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T19:43:48.346433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T18:08:56.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:04.819Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-21798",
        "datePublished": "2024-02-28T23:03:39.483Z",
        "dateReserved": "2024-02-15T01:25:08.021Z",
        "dateUpdated": "2024-11-26T08:07:04.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }