Search
Find a vulnerability
Search criteria
19 vulnerabilities found for WRC-X1800GSA-B by ELECOM CO.,LTD.
CVE-2026-25107 (GCVE-0-2026-25107)
Vulnerability from nvd – Published: 2026-05-13 12:01 – Updated: 2026-05-13 18:26
VLAI
Summary
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
2 references
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.16 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.13 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:26:16.594153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:26:26.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "1.13 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T12:01:20.724Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20260512-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN03037325/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25107",
"datePublished": "2026-05-13T12:01:20.724Z",
"dateReserved": "2026-05-07T05:47:06.075Z",
"dateUpdated": "2026-05-13T18:26:26.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22550 (GCVE-0-2026-22550)
Vulnerability from nvd – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
VLAI
Summary
OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.16 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.14 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:55:01.293499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:55:14.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:09:24.537Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20260203-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN94012927/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-22550",
"datePublished": "2026-02-03T06:56:59.277Z",
"dateReserved": "2026-01-30T01:42:48.683Z",
"dateUpdated": "2026-05-12T08:09:24.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20704 (GCVE-0-2026-20704)
Vulnerability from nvd – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
VLAI
Summary
Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.16 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.13 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:55:57.052296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:56:26.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:09:07.849Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20260203-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN94012927/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-20704",
"datePublished": "2026-02-03T06:56:42.019Z",
"dateReserved": "2026-01-30T01:42:47.600Z",
"dateUpdated": "2026-05-12T08:09:07.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40883 (GCVE-0-2024-40883)
Vulnerability from nvd – Published: 2024-08-01 01:18 – Updated: 2026-05-12 08:10
VLAI
Summary
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:24:58.175059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T01:09:06.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:08.667Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-40883",
"datePublished": "2024-08-01T01:18:01.801Z",
"dateReserved": "2024-07-26T08:52:14.749Z",
"dateUpdated": "2026-05-12T08:10:08.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39607 (GCVE-0-2024-39607)
Vulnerability from nvd – Published: 2024-08-01 01:17 – Updated: 2026-05-12 08:09
VLAI
Summary
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
Severity
6.8 (Medium)
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| elecom | wrc-x6000xs-g_firmware |
Affected:
0 , ≤ 1.11
(custom)
cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x1500gs-b_firmware |
Affected:
0 , ≤ 1.11
(custom)
cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x1500gsa-b_firmware |
Affected:
0 , ≤ 1.11
(custom)
cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x6000xs-g_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1500gs-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1500gsa-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:25:37.958754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:32:12.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:09:55.122Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39607",
"datePublished": "2024-08-01T01:17:00.982Z",
"dateReserved": "2024-07-26T08:52:15.655Z",
"dateUpdated": "2026-05-12T08:09:55.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22372 (GCVE-0-2024-22372)
Vulnerability from nvd – Published: 2024-01-24 04:38 – Updated: 2026-05-12 08:10
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.17 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.17 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.17 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.09
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240123-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90908488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T14:15:29.894844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:28.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.17 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.17 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.17 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:30.684Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240123-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90908488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22372",
"datePublished": "2024-01-24T04:38:20.199Z",
"dateReserved": "2024-01-10T00:47:14.234Z",
"dateUpdated": "2026-05-12T08:10:30.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39454 (GCVE-0-2023-39454)
Vulnerability from nvd – Published: 2023-08-18 09:41 – Updated: 2026-05-12 08:10
VLAI
Summary
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3A-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-x1800gs-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsa-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsh-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsa-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsh-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:02:33.925181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:02:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X3000GS3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WRC-X3000GS3A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:42.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39454",
"datePublished": "2023-08-18T09:41:14.665Z",
"dateReserved": "2023-08-09T11:55:02.234Z",
"dateUpdated": "2026-05-12T08:10:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25107 (GCVE-0-2026-25107)
Vulnerability from cvelistv5 – Published: 2026-05-13 12:01 – Updated: 2026-05-13 18:26
VLAI
Summary
ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-321 - Use of hard-coded cryptographic key
Assigner
References
2 references
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.16 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.13 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25107",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T18:26:16.594153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T18:26:26.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "1.13 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file of the product, and a victim administrator may be tricked to use a crafted configuration file."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of hard-coded cryptographic key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T12:01:20.724Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20260512-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN03037325/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-25107",
"datePublished": "2026-05-13T12:01:20.724Z",
"dateReserved": "2026-05-07T05:47:06.075Z",
"dateUpdated": "2026-05-13T18:26:26.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22550 (GCVE-0-2026-22550)
Vulnerability from cvelistv5 – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
VLAI
Summary
OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.16 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.14 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:55:01.293499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:55:14.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:09:24.537Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20260203-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN94012927/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-22550",
"datePublished": "2026-02-03T06:56:59.277Z",
"dateReserved": "2026-01-30T01:42:48.683Z",
"dateUpdated": "2026-05-12T08:09:24.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20704 (GCVE-0-2026-20704)
Vulnerability from cvelistv5 – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
VLAI
Summary
Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.09 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.19 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.16 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.13 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T15:55:57.052296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T15:56:26.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.19 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:09:07.849Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20260203-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN94012927/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-20704",
"datePublished": "2026-02-03T06:56:42.019Z",
"dateReserved": "2026-01-30T01:42:47.600Z",
"dateUpdated": "2026-05-12T08:09:07.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40883 (GCVE-0-2024-40883)
Vulnerability from cvelistv5 – Published: 2024-08-01 01:18 – Updated: 2026-05-12 08:10
VLAI
Summary
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
Severity
6.5 (Medium)
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:24:58.175059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T01:09:06.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:08.667Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-40883",
"datePublished": "2024-08-01T01:18:01.801Z",
"dateReserved": "2024-07-26T08:52:14.749Z",
"dateUpdated": "2026-05-12T08:10:08.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39607 (GCVE-0-2024-39607)
Vulnerability from cvelistv5 – Published: 2024-08-01 01:17 – Updated: 2026-05-12 08:09
VLAI
Summary
OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command.
Severity
6.8 (Medium)
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.14 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
|
| elecom | wrc-x6000xs-g_firmware |
Affected:
0 , ≤ 1.11
(custom)
cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x1500gs-b_firmware |
Affected:
0 , ≤ 1.11
(custom)
cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x1500gsa-b_firmware |
Affected:
0 , ≤ 1.11
(custom)
cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x6000xs-g_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1500gs-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1500gsa-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:25:37.958754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:32:12.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.14 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:09:55.122Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240730-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN06672778/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-39607",
"datePublished": "2024-08-01T01:17:00.982Z",
"dateReserved": "2024-07-26T08:52:15.655Z",
"dateUpdated": "2026-05-12T08:09:55.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22372 (GCVE-0-2024-22372)
Vulnerability from cvelistv5 – Published: 2024-01-24 04:38 – Updated: 2026-05-12 08:10
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
Assigner
References
2 references
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1500GSA-B |
Affected:
v1.11 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.17 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.17 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.17 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2-W |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS2A-B |
Affected:
v1.08 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GS-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-XE5400GSA-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000XS-G |
Affected:
v1.09
|
|
| ELECOM CO.,LTD. | WRC-X6000XST-G |
Affected:
v1.12 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GST2-B |
Affected:
v1.06 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240123-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90908488/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T14:15:29.894844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:19:28.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1500GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1500GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.11 and earlier"
}
]
},
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.17 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.17 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.17 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-X3000GS2A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.08 and earlier"
}
]
},
{
"product": "WRC-XE5400GS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-XE5400GSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000XS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09"
}
]
},
{
"product": "WRC-X6000XST-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.12 and earlier"
}
]
},
{
"product": "WRC-X3000GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.06 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:30.684Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240123-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU90908488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22372",
"datePublished": "2024-01-24T04:38:20.199Z",
"dateReserved": "2024-01-10T00:47:14.234Z",
"dateUpdated": "2026-05-12T08:10:30.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-39454 (GCVE-0-2023-39454)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:41 – Updated: 2026-05-12 08:10
VLAI
Summary
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3A-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-x1800gs-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsa-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsh-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsa-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsh-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:02:33.925181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:02:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X3000GS3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WRC-X3000GS3A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:42.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39454",
"datePublished": "2023-08-18T09:41:14.665Z",
"dateReserved": "2023-08-09T11:55:02.234Z",
"dateUpdated": "2026-05-12T08:10:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
JVNDB-2026-000073
Vulnerability from jvndb - Published: 2026-05-12 15:16 - Updated:2026-05-20 11:52
Severity
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)
Details
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Use of Hard-coded Cryptographic Key in creating backup of configuration files (CWE-321) - CVE-2026-25107
- OS command injection in processing of ping_ip_addr parameter (CWE-78) - CVE-2026-35506
- Missing authentication when accepting in specific URLs (CWE-288) - CVE-2026-40621
- OS command injection in processing of username parameter (CWE-78) - CVE-2026-42062
- Stored cross-site scripting due to inadequate hostname parameter handling (CWE-79) - CVE-2026-42948
- Missing Check for language parameter (CWE-754) - CVE-2026-42950
- Inadequate CSRF protection (CWE-344) - CVE-2026-42961
References
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000073.html",
"dc:date": "2026-05-20T11:52+09:00",
"dcterms:issued": "2026-05-12T15:16+09:00",
"dcterms:modified": "2026-05-20T11:52+09:00",
"description": "Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/321.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/288.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\r\n\u003ca href=\u0027https://cwe.mitre.org/data/definitions/79.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/754.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/344.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eUse of Hard-coded Cryptographic Key in creating backup of configuration files (CWE-321) - CVE-2026-25107\u003c/li\u003e\u003cli\u003eOS command injection in processing of ping_ip_addr parameter (CWE-78) - CVE-2026-35506\u003c/li\u003e\u003cli\u003eMissing authentication when accepting in specific URLs (CWE-288) - CVE-2026-40621\u003c/li\u003e\u003cli\u003eOS command injection in processing of username parameter (CWE-78) - CVE-2026-42062\u003c/li\u003e\u003cli\u003eStored cross-site scripting due to inadequate hostname parameter handling (CWE-79) - CVE-2026-42948\u003c/li\u003e\u003cli\u003eMissing Check for language parameter (CWE-754) - CVE-2026-42950\u003c/li\u003e\u003cli\u003eInadequate CSRF protection (CWE-344) - CVE-2026-42961\u003c/li\u003e\u003c/ul\u003eThe vulnerabilities are reported from the following people, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2026-25107, CVE-2026-42950, CVE-2026-42961\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\n\r\nCVE-2026-42948\r\nSato Nobuhiro of Suzuki Motor Corporation, Futamata Keisuke of University Of Fukui, Takahashi Natsuki of Shizuoka University, Sasaki Miyu of Waseda University, and Tsuyoshi Tomita of Ministry of Defense reported this vulnerability to IPA.\r\n\r\nCVE-2026-35506, CVE-2026-40621, CVE-2026-42062\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000073.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wab-be187-m",
"@product": "WAB-BE187-M",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-be36-m",
"@product": "WAB-BE36-M",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-be36-s",
"@product": "WAB-BE36-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-be72-m",
"@product": "WAB-BE72-M",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-be65qsd-b",
"@product": "WRC-BE65QSD-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-be72xsd-b",
"@product": "WRC-BE72XSD-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-be72xsd-ba",
"@product": "WRC-BE72XSD-BA",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-w702-b",
"@product": "WRC-W702-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-b",
"@product": "WRC-X3000GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-w",
"@product": "WRC-X3000GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
"@product": "WRC-X3000GS2A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gst2-b",
"@product": "WRC-X3000GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
"@product": "WRC-X6000XS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
"@product": "WRC-X6000XST-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gs-g",
"@product": "WRC-XE5400GS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
"@product": "WRC-XE5400GSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000073",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN03037325/index.html",
"@id": "JVN#03037325",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-25107",
"@id": "CVE-2026-25107",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-35506",
"@id": "CVE-2026-35506",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-40621",
"@id": "CVE-2026-40621",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-42062",
"@id": "CVE-2026-42062",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-42948",
"@id": "CVE-2026-42948",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-42950",
"@id": "CVE-2026-42950",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-42961",
"@id": "CVE-2026-42961",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers and access points (May 2026)"
}
JVNDB-2026-000019
Vulnerability from jvndb - Published: 2026-02-03 14:57 - Updated:2026-05-14 12:24
Severity
Summary
Multiple vulnerabilities in ELECOM wireless LAN products
Details
Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Cross-site request forgery (CWE-352) - CVE-2026-20704
- OS command injection (CWE-78) - CVE-2026-22550
- Use of weak credentials (CWE-1391) - CVE-2026-24449
- Stack-based buffer overflow (CWE-121) - CVE-2026-24465
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000019.html",
"dc:date": "2026-05-14T12:24+09:00",
"dcterms:issued": "2026-02-03T14:57+09:00",
"dcterms:modified": "2026-05-14T12:24+09:00",
"description": "Wireless LAN products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2026-20704\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-22550\u003c/li\u003e\u003cli\u003eUse of weak credentials (CWE-1391) - CVE-2026-24449\u003c/li\u003e\u003cli\u003eStack-based buffer overflow (CWE-121) - CVE-2026-24465\u003c/li\u003e\u003c/ul\u003eCVE-2026-20704, CVE-2026-22550\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-24449\r\nSoh Satoh reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-24465\r\nMASAHIRO IIDA of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000019.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wab-s300iw-ac",
"@product": "WAB-S300IW-AC",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s300iw-pd",
"@product": "WAB-S300IW-PD",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s300iw2-pd",
"@product": "WAB-S300IW2-PD",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s733iw-ac",
"@product": "WAB-S733IW-AC",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s733iw-pd",
"@product": "WAB-S733IW-PD",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s733iw2-pd",
"@product": "WAB-S733IW2-PD",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GS-B",
"@product": "WRC-X1500GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GSA-B",
"@product": "WRC-X1500GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-b",
"@product": "WRC-X3000GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-w",
"@product": "WRC-X3000GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
"@product": "WRC-X3000GS2A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gst2-b",
"@product": "WRC-X3000GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
"@product": "WRC-X6000XS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
"@product": "WRC-X6000XST-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gs-g",
"@product": "WRC-XE5400GS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
"@product": "WRC-XE5400GSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000019",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN94012927/index.html",
"@id": "JVN#94012927",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-20704",
"@id": "CVE-2026-20704",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-22550",
"@id": "CVE-2026-22550",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-24449",
"@id": "CVE-2026-24449",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-24465",
"@id": "CVE-2026-24465",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN products"
}
JVNDB-2024-000078
Vulnerability from jvndb - Published: 2024-07-30 15:34 - Updated:2026-05-14 18:19
Severity
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2024-34021
OS Command Injection (CWE-78)
CVE-2024-39607
Cross-Site Request Forgery (CWE-352)
CVE-2024-40883
CVE-2024-34021
Toyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-39607, CVE-2024-40883
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
"dc:date": "2026-05-14T18:19+09:00",
"dcterms:issued": "2024-07-30T15:34+09:00",
"dcterms:modified": "2026-05-14T18:19+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nUnrestricted Upload of File with Dangerous Type (CWE-434)\r\nCVE-2024-34021\r\nOS Command Injection (CWE-78)\r\nCVE-2024-39607\r\nCross-Site Request Forgery (CWE-352)\r\nCVE-2024-40883\r\n\r\nCVE-2024-34021\r\nToyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39607, CVE-2024-40883\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-2lx-b",
"@product": "WMC-2LX-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2",
"@product": "WRC-1167GST2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2",
"@product": "WRC-2533GST2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GS-B",
"@product": "WRC-X1500GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GSA-B",
"@product": "WRC-X1500GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-b",
"@product": "WRC-X3000GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-w",
"@product": "WRC-X3000GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
"@product": "WRC-X3000GS2A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gst2-b",
"@product": "WRC-X3000GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
"@product": "WRC-X6000XS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
"@product": "WRC-X6000XST-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gs-g",
"@product": "WRC-XE5400GS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
"@product": "WRC-XE5400GSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000078",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06672778/",
"@id": "JVN#06672778",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-34021",
"@id": "CVE-2024-34021",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39607",
"@id": "CVE-2024-39607",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-40883",
"@id": "CVE-2024-40883",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
}
JVNDB-2024-001061
Vulnerability from jvndb - Published: 2024-01-24 17:16 - Updated:2026-05-15 15:32
Severity
Summary
ELECOM wireless LAN routers vulnerable to OS command injection
Details
Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
"dc:date": "2026-05-15T15:32+09:00",
"dcterms:issued": "2024-01-24T17:16+09:00",
"dcterms:modified": "2026-05-15T15:32+09:00",
"description": "Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-x1500GS-B",
"@product": "WRC-X1500GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GSA-B",
"@product": "WRC-X1500GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-b",
"@product": "WRC-X3000GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-w",
"@product": "WRC-X3000GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2a-b",
"@product": "WRC-X3000GS2A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gst2-b",
"@product": "WRC-X3000GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
"@product": "WRC-X6000XS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
"@product": "WRC-X6000XST-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gs-g",
"@product": "WRC-XE5400GS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
"@product": "WRC-XE5400GSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-001061",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU90908488/index.html",
"@id": "JVNVU#90908488",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-22372",
"@id": "CVE-2024-22372",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22372",
"@id": "CVE-2024-22372",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "ELECOM wireless LAN routers vulnerable to OS command injection"
}
JVNDB-2023-002797
Vulnerability from jvndb - Published: 2023-08-15 11:54 - Updated:2026-05-15 19:42
Severity
Summary
Multiple vulnerabilities in ELECOM and LOGITEC network devices
Details
Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
* Telnet service access restriction failure (CWE-284) - CVE-2023-38132
* Hidden Functionality (CWE-912) - CVE-2023-38576
* Buffer overflow (CWE-120) - CVE-2023-39454
* OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
* OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
"dc:date": "2026-05-15T19:42+09:00",
"dcterms:issued": "2023-08-15T11:54+09:00",
"dcterms:modified": "2026-05-15T19:42+09:00",
"description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n * Buffer overflow (CWE-120) - CVE-2023-39454\r\n * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
"sec:cpe": [
{
"#text": "cpe:/a:elecom:wab-i1750-ps",
"@product": "WAB-I1750-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:elecom:wab-s1167-ps",
"@product": "WAB-S1167-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-m1775-ps",
"@product": "WAB-M1775-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-m2133",
"@product": "WAB-M2133",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s1167",
"@product": "WAB-S1167",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s1775",
"@product": "WAB-S1775",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s300_firmware",
"@product": "WAB-S300",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s600-ps_firmware",
"@product": "WAB-S600-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2lx-b",
"@product": "WMC-2LX-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2lx2-b",
"@product": "WMC-2LX2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst2-b",
"@product": "WMC-X1800GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk2",
"@product": "WRC-1167GHBK2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
"@product": "WRC-1467GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware",
"@product": "WRC-1467GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk",
"@product": "WRC-1750GHBK",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk-e",
"@product": "WRC-1750GHBK-E",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk2-i",
"@product": "WRC-1750GHBK2-I",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
"@product": "WRC-1900GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware",
"@product": "WRC-1900GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
"@product": "WRC-600GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
"@product": "WRC-733FEBK2-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf",
"@product": "WRC-F1167ACF",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
"@product": "WRC-F1167ACF2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs3-b",
"@product": "WRC-X3000GS3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs3a-b",
"@product": "WRC-X3000GS3A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs-b",
"@product": "WSC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs2-b",
"@product": "WSC-X1800GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware",
"@product": "LAN-W300N/DR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware",
"@product": "LAN-W300N/PR5",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w451ngr_firmware",
"@product": "LAN-W451NGR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware",
"@product": "LAN-WH300AN/DGP",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300andgpe_firmware",
"@product": "LAN-WH300ANDGPE",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware",
"@product": "LAN-WH300N/DR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware",
"@product": "LAN-WH300N/RE",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware",
"@product": "LAN-WH450N/GP",
"@vendor": "Logitec Corp.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-002797",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html",
"@id": "JVNVU#91630351",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626",
"@id": "CVE-2023-32626",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991",
"@id": "CVE-2023-35991",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132",
"@id": "CVE-2023-38132",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576",
"@id": "CVE-2023-38576",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445",
"@id": "CVE-2023-39445",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454",
"@id": "CVE-2023-39454",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455",
"@id": "CVE-2023-39455",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944",
"@id": "CVE-2023-39944",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069",
"@id": "CVE-2023-40069",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072",
"@id": "CVE-2023-40072",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626",
"@id": "CVE-2023-32626",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991",
"@id": "CVE-2023-35991",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132",
"@id": "CVE-2023-38132",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576",
"@id": "CVE-2023-38576",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445",
"@id": "CVE-2023-39445",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454",
"@id": "CVE-2023-39454",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455",
"@id": "CVE-2023-39455",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944",
"@id": "CVE-2023-39944",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069",
"@id": "CVE-2023-40069",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40072",
"@id": "CVE-2023-40072",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/120.html",
"@id": "CWE-120",
"@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/912.html",
"@id": "CWE-912",
"@title": "Hidden Functionality(CWE-912)"
}
],
"title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices"
}