Search
Find a vulnerability
Search criteria
11 vulnerabilities found for WSC-X1800GS-B by ELECOM CO.,LTD.
CVE-2024-29225 (GCVE-0-2024-29225)
Vulnerability from nvd – Published: 2024-04-04 00:04 – Updated: 2026-05-12 08:11
VLAI
Summary
ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:43:13.301844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:51:09.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:11:07.494Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29225",
"datePublished": "2024-04-04T00:04:52.089Z",
"dateReserved": "2024-03-19T02:32:15.110Z",
"dateUpdated": "2026-05-12T08:11:07.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26258 (GCVE-0-2024-26258)
Vulnerability from nvd – Published: 2024-04-04 00:03 – Updated: 2026-05-12 08:10
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
Severity
6.8 (Medium)
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
0 , ≤ 1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T13:12:52.810342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:22:40.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:53.382Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-26258",
"datePublished": "2024-04-04T00:03:41.930Z",
"dateReserved": "2024-03-19T02:32:14.173Z",
"dateUpdated": "2026-05-12T08:10:53.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23910 (GCVE-0-2024-23910)
Vulnerability from nvd – Published: 2024-02-28 23:07 – Updated: 2025-04-22 15:54
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GS2-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GS2H-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-W |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2V-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.41 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.41 and earlier
|
|
| elecom | wrc-1167gs2-b |
Affected:
0 , < v1.67
(custom)
cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gs2h-b |
Affected:
0 , < v1.67
(custom)
cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-b |
Affected:
0 , < v1.62
(custom)
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-w |
Affected:
0 , < v1.62
(custom)
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2v-b |
Affected:
0 , < v1.62
(custom)
cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
elecom , < v1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , < v1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wmc-x1800gst-b |
Affected:
0 , < v1.41
(custom)
cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:* |
|
| elecom | wsc-x1800gs-b |
Affected:
0 , < v1.41
(custom)
cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2h-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-w",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2v-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.25",
"status": "affected",
"version": "elecom",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wmc-x1800gst-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:40:19.820700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:54:59.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN44166658/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GS2H-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2V-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T08:07:41.689Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN44166658/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23910",
"datePublished": "2024-02-28T23:07:02.324Z",
"dateReserved": "2024-02-15T01:25:06.163Z",
"dateUpdated": "2025-04-22T15:54:59.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39454 (GCVE-0-2023-39454)
Vulnerability from nvd – Published: 2023-08-18 09:41 – Updated: 2026-05-12 08:10
VLAI
Summary
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3A-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-x1800gs-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsa-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsh-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsa-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsh-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:02:33.925181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:02:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X3000GS3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WRC-X3000GS3A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:42.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39454",
"datePublished": "2023-08-18T09:41:14.665Z",
"dateReserved": "2023-08-09T11:55:02.234Z",
"dateUpdated": "2026-05-12T08:10:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29225 (GCVE-0-2024-29225)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:04 – Updated: 2026-05-12 08:11
VLAI
Summary
ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
2 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:43:13.301844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:51:09.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:10:54.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:11:07.494Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-29225",
"datePublished": "2024-04-04T00:04:52.089Z",
"dateReserved": "2024-03-19T02:32:15.110Z",
"dateUpdated": "2026-05-12T08:11:07.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26258 (GCVE-0-2024-26258)
Vulnerability from cvelistv5 – Published: 2024-04-04 00:03 – Updated: 2026-05-12 08:10
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.
Severity
6.8 (Medium)
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
9 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
0 , ≤ 1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26258",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T13:12:52.810342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:22:40.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:53.382Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240326-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95381465/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-26258",
"datePublished": "2024-04-04T00:03:41.930Z",
"dateReserved": "2024-03-19T02:32:14.173Z",
"dateUpdated": "2026-05-12T08:10:53.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23910 (GCVE-0-2024-23910)
Vulnerability from cvelistv5 – Published: 2024-02-28 23:07 – Updated: 2025-04-22 15:54
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-site request forgery (CSRF)
Assigner
References
2 references
Impacted products
20 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GS2-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GS2H-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-W |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2V-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.41 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.41 and earlier
|
|
| elecom | wrc-1167gs2-b |
Affected:
0 , < v1.67
(custom)
cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gs2h-b |
Affected:
0 , < v1.67
(custom)
cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-b |
Affected:
0 , < v1.62
(custom)
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-w |
Affected:
0 , < v1.62
(custom)
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2v-b |
Affected:
0 , < v1.62
(custom)
cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
elecom , < v1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , < v1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wmc-x1800gst-b |
Affected:
0 , < v1.41
(custom)
cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:* |
|
| elecom | wsc-x1800gs-b |
Affected:
0 , < v1.41
(custom)
cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2h-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-w",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2v-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.25",
"status": "affected",
"version": "elecom",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wmc-x1800gst-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "v1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:40:19.820700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T15:54:59.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN44166658/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GS2H-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2V-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-site request forgery (CSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T08:07:41.689Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN44166658/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-23910",
"datePublished": "2024-02-28T23:07:02.324Z",
"dateReserved": "2024-02-15T01:25:06.163Z",
"dateUpdated": "2025-04-22T15:54:59.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39454 (GCVE-0-2023-39454)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:41 – Updated: 2026-05-12 08:10
VLAI
Summary
Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer overflow
Assigner
References
2 references
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1800GS-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSA-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X1800GSH-B |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QS-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X6000QSA-G |
Affected:
v1.13 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3000GS3A-B |
Affected:
v1.05 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WSC-X1800GS-B |
Affected:
v1.42 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-x1800gs-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsa-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:* |
|
| elecom | wrc-x1800gsh-b |
Affected:
0 , < 1.13
(custom)
cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gs-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsa-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x1800gsh-b",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-03T14:02:33.925181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T14:02:46.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSA-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X1800GSH-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QS-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X6000QSA-G",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.13 and earlier"
}
]
},
{
"product": "WRC-X3000GS3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WRC-X3000GS3A-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.05 and earlier"
}
]
},
{
"product": "WMC-2LX-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WSC-X1800GS-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.42 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T08:10:42.091Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39454",
"datePublished": "2023-08-18T09:41:14.665Z",
"dateReserved": "2023-08-09T11:55:02.234Z",
"dateUpdated": "2026-05-12T08:10:42.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
JVNDB-2024-003025
Vulnerability from jvndb - Published: 2024-03-27 14:26 - Updated:2026-05-15 15:32
Severity
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2024-25568
* OS Command Injection (CWE-78) - CVE-2024-26258
* Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) - CVE-2024-29225
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003025.html",
"dc:date": "2026-05-15T15:32+09:00",
"dcterms:issued": "2024-03-27T14:26+09:00",
"dcterms:modified": "2026-05-15T15:32+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n * OS Command Injection (CWE-78) - CVE-2024-25568\r\n * OS Command Injection (CWE-78) - CVE-2024-26258\r\n * Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) - CVE-2024-29225\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003025.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-2lx-b",
"@product": "WMC-2LX-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2",
"@product": "WRC-1167GST2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2",
"@product": "WRC-2533GST2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs-b",
"@product": "WSC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-003025",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95381465/index.html",
"@id": "JVNVU#95381465",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25568",
"@id": "CVE-2024-25568",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-26258",
"@id": "CVE-2024-26258",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-29225",
"@id": "CVE-2024-29225",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
}
JVNDB-2024-000020
Vulnerability from jvndb - Published: 2024-02-20 14:14 - Updated:2024-11-26 15:26
Severity
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Details
Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Cross-site Scripting (CWE-79) - CVE-2024-21798
- Cross-Site Request Forgery (CWE-352) - CVE-2024-23910
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000020.html",
"dc:date": "2024-11-26T15:26+09:00",
"dcterms:issued": "2024-02-20T14:14+09:00",
"dcterms:modified": "2024-11-26T15:26+09:00",
"description": "Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eCross-site Scripting (CWE-79) - CVE-2024-21798\u003c/li\u003e\r\n\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2024-23910\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2024-21798\r\nYamaguchi Kakeru of Fujitsu Limited reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23910\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000020.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs-b",
"@product": "WSC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000020",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN44166658/index.html",
"@id": "JVN#44166658",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-21798",
"@id": "CVE-2024-21798",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23910",
"@id": "CVE-2024-23910",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater"
}
JVNDB-2023-002797
Vulnerability from jvndb - Published: 2023-08-15 11:54 - Updated:2026-05-15 19:42
Severity
Summary
Multiple vulnerabilities in ELECOM and LOGITEC network devices
Details
Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
* Telnet service access restriction failure (CWE-284) - CVE-2023-38132
* Hidden Functionality (CWE-912) - CVE-2023-38576
* Buffer overflow (CWE-120) - CVE-2023-39454
* OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
* OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
"dc:date": "2026-05-15T19:42+09:00",
"dcterms:issued": "2023-08-15T11:54+09:00",
"dcterms:modified": "2026-05-15T19:42+09:00",
"description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n * Buffer overflow (CWE-120) - CVE-2023-39454\r\n * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
"sec:cpe": [
{
"#text": "cpe:/a:elecom:wab-i1750-ps",
"@product": "WAB-I1750-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/a:elecom:wab-s1167-ps",
"@product": "WAB-S1167-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-m1775-ps",
"@product": "WAB-M1775-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-m2133",
"@product": "WAB-M2133",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s1167",
"@product": "WAB-S1167",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s1775",
"@product": "WAB-S1775",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s300_firmware",
"@product": "WAB-S300",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wab-s600-ps_firmware",
"@product": "WAB-S600-PS",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2lx-b",
"@product": "WMC-2LX-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2lx2-b",
"@product": "WMC-2LX2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst2-b",
"@product": "WMC-X1800GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk2",
"@product": "WRC-1167GHBK2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
"@product": "WRC-1467GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware",
"@product": "WRC-1467GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk",
"@product": "WRC-1750GHBK",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk-e",
"@product": "WRC-1750GHBK-E",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750ghbk2-i",
"@product": "WRC-1750GHBK2-I",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
"@product": "WRC-1900GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware",
"@product": "WRC-1900GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
"@product": "WRC-600GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
"@product": "WRC-733FEBK2-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf",
"@product": "WRC-F1167ACF",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
"@product": "WRC-F1167ACF2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs3-b",
"@product": "WRC-X3000GS3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs3a-b",
"@product": "WRC-X3000GS3A-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs-b",
"@product": "WSC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs2-b",
"@product": "WSC-X1800GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware",
"@product": "LAN-W300N/DR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware",
"@product": "LAN-W300N/PR5",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w451ngr_firmware",
"@product": "LAN-W451NGR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware",
"@product": "LAN-WH300AN/DGP",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300andgpe_firmware",
"@product": "LAN-WH300ANDGPE",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware",
"@product": "LAN-WH300N/DR",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware",
"@product": "LAN-WH300N/RE",
"@vendor": "Logitec Corp.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware",
"@product": "LAN-WH450N/GP",
"@vendor": "Logitec Corp.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-002797",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html",
"@id": "JVNVU#91630351",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626",
"@id": "CVE-2023-32626",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991",
"@id": "CVE-2023-35991",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132",
"@id": "CVE-2023-38132",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576",
"@id": "CVE-2023-38576",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445",
"@id": "CVE-2023-39445",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454",
"@id": "CVE-2023-39454",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455",
"@id": "CVE-2023-39455",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944",
"@id": "CVE-2023-39944",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069",
"@id": "CVE-2023-40069",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072",
"@id": "CVE-2023-40072",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626",
"@id": "CVE-2023-32626",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991",
"@id": "CVE-2023-35991",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132",
"@id": "CVE-2023-38132",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576",
"@id": "CVE-2023-38576",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445",
"@id": "CVE-2023-39445",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454",
"@id": "CVE-2023-39454",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455",
"@id": "CVE-2023-39455",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944",
"@id": "CVE-2023-39944",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069",
"@id": "CVE-2023-40069",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40072",
"@id": "CVE-2023-40072",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/120.html",
"@id": "CWE-120",
"@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/912.html",
"@id": "CWE-912",
"@title": "Hidden Functionality(CWE-912)"
}
],
"title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices"
}