Search

Find a vulnerability

Search criteria

    15 vulnerabilities found for WRC-X1500GS-B by ELECOM CO.,LTD.

    CVE-2026-24449 (GCVE-0-2026-24449)

    Vulnerability from nvd – Published: 2026-02-03 06:57 – Updated: 2026-02-03 15:54
    VLAI
    Summary
    For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:53:54.600516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:54:07.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "Use of weak credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T06:57:20.505Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24449",
        "datePublished": "2026-02-03T06:57:20.505Z",
        "dateReserved": "2026-01-30T01:42:46.700Z",
        "dateUpdated": "2026-02-03T15:54:07.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22550 (GCVE-0-2026-22550)

    Vulnerability from nvd – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.16 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.14 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:55:01.293499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:55:14.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:24.537Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-22550",
        "datePublished": "2026-02-03T06:56:59.277Z",
        "dateReserved": "2026-01-30T01:42:48.683Z",
        "dateUpdated": "2026-05-12T08:09:24.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20704 (GCVE-0-2026-20704)

    Vulnerability from nvd – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.16 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:55:57.052296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:56:26.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:07.849Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-20704",
        "datePublished": "2026-02-03T06:56:42.019Z",
        "dateReserved": "2026-01-30T01:42:47.600Z",
        "dateUpdated": "2026-05-12T08:09:07.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-40883 (GCVE-0-2024-40883)

    Vulnerability from nvd – Published: 2024-08-01 01:18 – Updated: 2026-05-12 08:10
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:24:58.175059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T01:09:06.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:10:08.667Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40883",
        "datePublished": "2024-08-01T01:18:01.801Z",
        "dateReserved": "2024-07-26T08:52:14.749Z",
        "dateUpdated": "2026-05-12T08:10:08.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39607 (GCVE-0-2024-39607)

    Vulnerability from nvd – Published: 2024-08-01 01:17 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    elecom wrc-x6000xs-g_firmware Affected: 0 , ≤ 1.11 (custom)
        cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x1500gs-b_firmware Affected: 0 , ≤ 1.11 (custom)
        cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x1500gsa-b_firmware Affected: 0 , ≤ 1.11 (custom)
        cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x6000xs-g_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x1500gs-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x1500gsa-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:25:37.958754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T14:32:12.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:55.122Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-39607",
        "datePublished": "2024-08-01T01:17:00.982Z",
        "dateReserved": "2024-07-26T08:52:15.655Z",
        "dateUpdated": "2026-05-12T08:09:55.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22372 (GCVE-0-2024-22372)

    Vulnerability from nvd – Published: 2024-01-24 04:38 – Updated: 2026-05-12 08:10
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240123-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90908488/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T14:15:29.894844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:28.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.17 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.17 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.17 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:10:30.684Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240123-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90908488/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-22372",
        "datePublished": "2024-01-24T04:38:20.199Z",
        "dateReserved": "2024-01-10T00:47:14.234Z",
        "dateUpdated": "2026-05-12T08:10:30.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24449 (GCVE-0-2026-24449)

    Vulnerability from cvelistv5 – Published: 2026-02-03 06:57 – Updated: 2026-02-03 15:54
    VLAI
    Summary
    For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:53:54.600516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:54:07.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "Use of weak credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T06:57:20.505Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24449",
        "datePublished": "2026-02-03T06:57:20.505Z",
        "dateReserved": "2026-01-30T01:42:46.700Z",
        "dateUpdated": "2026-02-03T15:54:07.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22550 (GCVE-0-2026-22550)

    Vulnerability from cvelistv5 – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.16 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.14 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:55:01.293499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:55:14.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:24.537Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-22550",
        "datePublished": "2026-02-03T06:56:59.277Z",
        "dateReserved": "2026-01-30T01:42:48.683Z",
        "dateUpdated": "2026-05-12T08:09:24.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20704 (GCVE-0-2026-20704)

    Vulnerability from cvelistv5 – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.16 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20704",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:55:57.052296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:56:26.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:07.849Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-20704",
        "datePublished": "2026-02-03T06:56:42.019Z",
        "dateReserved": "2026-01-30T01:42:47.600Z",
        "dateUpdated": "2026-05-12T08:09:07.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-40883 (GCVE-0-2024-40883)

    Vulnerability from cvelistv5 – Published: 2024-08-01 01:18 – Updated: 2026-05-12 08:10
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:24:58.175059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T01:09:06.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:10:08.667Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40883",
        "datePublished": "2024-08-01T01:18:01.801Z",
        "dateReserved": "2024-07-26T08:52:14.749Z",
        "dateUpdated": "2026-05-12T08:10:08.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-39607 (GCVE-0-2024-39607)

    Vulnerability from cvelistv5 – Published: 2024-08-01 01:17 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    elecom wrc-x6000xs-g_firmware Affected: 0 , ≤ 1.11 (custom)
        cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x1500gs-b_firmware Affected: 0 , ≤ 1.11 (custom)
        cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x1500gsa-b_firmware Affected: 0 , ≤ 1.11 (custom)
        cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x6000xs-g_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x1500gs-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x1500gsa-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39607",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:25:37.958754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-01T14:32:12.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:55.122Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-39607",
        "datePublished": "2024-08-01T01:17:00.982Z",
        "dateReserved": "2024-07-26T08:52:15.655Z",
        "dateUpdated": "2026-05-12T08:09:55.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22372 (GCVE-0-2024-22372)

    Vulnerability from cvelistv5 – Published: 2024-01-24 04:38 – Updated: 2026-05-12 08:10
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240123-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU90908488/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-24T14:15:29.894844Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:28.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.17 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.17 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.17 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:10:30.684Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240123-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU90908488/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-22372",
        "datePublished": "2024-01-24T04:38:20.199Z",
        "dateReserved": "2024-01-10T00:47:14.234Z",
        "dateUpdated": "2026-05-12T08:10:30.684Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    JVNDB-2026-000019

    Vulnerability from jvndb - Published: 2026-02-03 14:57 - Updated:2026-05-14 12:24
    Severity
    Summary
    Multiple vulnerabilities in ELECOM wireless LAN products
    Details
    Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
    • Cross-site request forgery (CWE-352) - CVE-2026-20704
    • OS command injection (CWE-78) - CVE-2026-22550
    • Use of weak credentials (CWE-1391) - CVE-2026-24449
    • Stack-based buffer overflow (CWE-121) - CVE-2026-24465
    CVE-2026-20704, CVE-2026-22550 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2026-24449 Soh Satoh reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2026-24465 MASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000019.html",
      "dc:date": "2026-05-14T12:24+09:00",
      "dcterms:issued": "2026-02-03T14:57+09:00",
      "dcterms:modified": "2026-05-14T12:24+09:00",
      "description": "Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2026-20704\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-22550\u003c/li\u003e\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2026-24449\u003c/li\u003e\u003cli\u003eStack-based buffer overflow (CWE-121) - CVE-2026-24465\u003c/li\u003e\u003c/ul\u003eCVE-2026-20704, CVE-2026-22550\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-24449\r\nSoh Satoh reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-24465\r\nMASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000019.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wab-s300iw-ac",
          "@product": "WAB-S300IW-AC",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s300iw-pd",
          "@product": "WAB-S300IW-PD",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s300iw2-pd",
          "@product": "WAB-S300IW2-PD",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s733iw-ac",
          "@product": "WAB-S733IW-AC",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s733iw-pd",
          "@product": "WAB-S733IW-PD",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s733iw2-pd",
          "@product": "WAB-S733IW2-PD",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GS-B",
          "@product": "WRC-X1500GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
          "@product": "WRC-X1500GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
          "@product": "WRC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
          "@product": "WRC-X1800GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
          "@product": "WRC-X1800GSH-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-b",
          "@product": "WRC-X3000GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-w",
          "@product": "WRC-X3000GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
          "@product": "WRC-X3000GS2A-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gst2-b",
          "@product": "WRC-X3000GST2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qs-g",
          "@product": "WRC-X6000QS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
          "@product": "WRC-X6000QSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
          "@product": "WRC-X6000XS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
          "@product": "WRC-X6000XST-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gs-g",
          "@product": "WRC-XE5400GS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
          "@product": "WRC-XE5400GSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.8",
        "@severity": "Critical",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000019",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN94012927/index.html",
          "@id": "JVN#94012927",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-20704",
          "@id": "CVE-2026-20704",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-22550",
          "@id": "CVE-2026-22550",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-24449",
          "@id": "CVE-2026-24449",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-24465",
          "@id": "CVE-2026-24465",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM wireless LAN products"
    }

    JVNDB-2024-000078

    Vulnerability from jvndb - Published: 2024-07-30 15:34 - Updated:2026-05-14 18:19
    Severity
    Summary
    Multiple vulnerabilities in ELECOM wireless LAN routers
    Details
    Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type (CWE-434) CVE-2024-34021 OS Command Injection (CWE-78) CVE-2024-39607 Cross-Site Request Forgery (CWE-352) CVE-2024-40883 CVE-2024-34021 Toyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-39607, CVE-2024-40883 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
      "dc:date": "2026-05-14T18:19+09:00",
      "dcterms:issued": "2024-07-30T15:34+09:00",
      "dcterms:modified": "2026-05-14T18:19+09:00",
      "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nUnrestricted Upload of File with Dangerous Type (CWE-434)\r\nCVE-2024-34021\r\nOS Command Injection (CWE-78)\r\nCVE-2024-39607\r\nCross-Site Request Forgery (CWE-352)\r\nCVE-2024-40883\r\n\r\nCVE-2024-34021\r\nToyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39607, CVE-2024-40883\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wmc-2lx-b",
          "@product": "WMC-2LX-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst-b",
          "@product": "WMC-X1800GST-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
          "@product": "WRC-1167GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
          "@product": "WRC-1167GS2H-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gst2",
          "@product": "WRC-1167GST2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
          "@product": "WRC-2533GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
          "@product": "WRC-2533GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
          "@product": "WRC-2533GS2V-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533gst2",
          "@product": "WRC-2533GST2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-g01-w",
          "@product": "WRC-G01-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GS-B",
          "@product": "WRC-X1500GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
          "@product": "WRC-X1500GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
          "@product": "WRC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
          "@product": "WRC-X1800GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
          "@product": "WRC-X1800GSH-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-b",
          "@product": "WRC-X3000GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-w",
          "@product": "WRC-X3000GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
          "@product": "WRC-X3000GS2A-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gst2-b",
          "@product": "WRC-X3000GST2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3200gst3-b",
          "@product": "WRC-X3200GST3-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qs-g",
          "@product": "WRC-X6000QS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
          "@product": "WRC-X6000QSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
          "@product": "WRC-X6000XS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
          "@product": "WRC-X6000XST-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gs-g",
          "@product": "WRC-XE5400GS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
          "@product": "WRC-XE5400GSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000078",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN06672778/",
          "@id": "JVN#06672778",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34021",
          "@id": "CVE-2024-34021",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39607",
          "@id": "CVE-2024-39607",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-40883",
          "@id": "CVE-2024-40883",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
    }

    JVNDB-2024-001061

    Vulnerability from jvndb - Published: 2024-01-24 17:16 - Updated:2026-05-15 15:32

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
      "dc:date": "2026-05-15T15:32+09:00",
      "dcterms:issued": "2024-01-24T17:16+09:00",
      "dcterms:modified": "2026-05-15T15:32+09:00",
      "description": "Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-x1500GS-B",
          "@product": "WRC-X1500GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
          "@product": "WRC-X1500GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
          "@product": "WRC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
          "@product": "WRC-X1800GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
          "@product": "WRC-X1800GSH-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-b",
          "@product": "WRC-X3000GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-w",
          "@product": "WRC-X3000GS2-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
          "@product": "WRC-X3000GS2A-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gst2-b",
          "@product": "WRC-X3000GST2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qs-g",
          "@product": "WRC-X6000QS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
          "@product": "WRC-X6000QSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
          "@product": "WRC-X6000XS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
          "@product": "WRC-X6000XST-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gs-g",
          "@product": "WRC-XE5400GS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
          "@product": "WRC-XE5400GSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.2",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-001061",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU90908488/index.html",
          "@id": "JVNVU#90908488",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-22372",
          "@id": "CVE-2024-22372",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22372",
          "@id": "CVE-2024-22372",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "ELECOM wireless LAN routers vulnerable to OS command injection"
    }