Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for wrc-x1500gsa-b_firmware by elecom

    CVE-2026-24465 (GCVE-0-2026-24465)

    Vulnerability from nvd – Published: 2026-02-03 06:57 – Updated: 2026-02-03 15:47
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:47:14.941854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:47:24.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAB-S733IW2-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S733IW-AC",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S733IW-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WAB-S300IW2-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S300IW-AC",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S300IW-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T06:57:51.704Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-02/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24465",
        "datePublished": "2026-02-03T06:57:51.704Z",
        "dateReserved": "2026-01-30T01:42:43.398Z",
        "dateUpdated": "2026-02-03T15:47:24.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24449 (GCVE-0-2026-24449)

    Vulnerability from nvd – Published: 2026-02-03 06:57 – Updated: 2026-02-03 15:54
    VLAI
    Summary
    For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:53:54.600516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:54:07.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "Use of weak credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T06:57:20.505Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24449",
        "datePublished": "2026-02-03T06:57:20.505Z",
        "dateReserved": "2026-01-30T01:42:46.700Z",
        "dateUpdated": "2026-02-03T15:54:07.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22550 (GCVE-0-2026-22550)

    Vulnerability from nvd – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.16 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.14 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:55:01.293499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:55:14.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:24.537Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-22550",
        "datePublished": "2026-02-03T06:56:59.277Z",
        "dateReserved": "2026-01-30T01:42:48.683Z",
        "dateUpdated": "2026-05-12T08:09:24.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-40883 (GCVE-0-2024-40883)

    Vulnerability from nvd – Published: 2024-08-01 01:18 – Updated: 2026-05-12 08:10
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:24:58.175059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T01:09:06.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:10:08.667Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40883",
        "datePublished": "2024-08-01T01:18:01.801Z",
        "dateReserved": "2024-07-26T08:52:14.749Z",
        "dateUpdated": "2026-05-12T08:10:08.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24465 (GCVE-0-2026-24465)

    Vulnerability from cvelistv5 – Published: 2026-02-03 06:57 – Updated: 2026-02-03 15:47
    VLAI
    Summary
    Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based buffer overflow
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:47:14.941854Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:47:24.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WAB-S733IW2-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S733IW-AC",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S733IW-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WAB-S300IW2-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S300IW-AC",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v5.5.00 and earlier versions"
                }
              ]
            },
            {
              "product": "WAB-S300IW-PD",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based buffer overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T06:57:51.704Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-02/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24465",
        "datePublished": "2026-02-03T06:57:51.704Z",
        "dateReserved": "2026-01-30T01:42:43.398Z",
        "dateUpdated": "2026-02-03T15:47:24.584Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24449 (GCVE-0-2026-24449)

    Vulnerability from cvelistv5 – Published: 2026-02-03 06:57 – Updated: 2026-02-03 15:54
    VLAI
    Summary
    For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24449",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:53:54.600516Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:54:07.198Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "Use of weak credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-03T06:57:20.505Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-24449",
        "datePublished": "2026-02-03T06:57:20.505Z",
        "dateReserved": "2026-01-30T01:42:46.700Z",
        "dateUpdated": "2026-02-03T15:54:07.198Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22550 (GCVE-0-2026-22550)

    Vulnerability from cvelistv5 – Published: 2026-02-03 06:56 – Updated: 2026-05-12 08:09
    VLAI
    Summary
    OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.16 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.09 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.19 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.14 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22550",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:55:01.293499Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:55:14.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.16 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.09 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.19 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:09:24.537Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20260203-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN94012927/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-22550",
        "datePublished": "2026-02-03T06:56:59.277Z",
        "dateReserved": "2026-01-30T01:42:48.683Z",
        "dateUpdated": "2026-05-12T08:09:24.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-40883 (GCVE-0-2024-40883)

    Vulnerability from cvelistv5 – Published: 2024-08-01 01:18 – Updated: 2026-05-12 08:10
    VLAI
    Summary
    Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-X1500GS-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1500GSA-B Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GS-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSA-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X1800GSH-B Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2-W Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GS2A-B Affected: v1.08 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GS-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-XE5400GSA-G Affected: v1.12 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QS-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000QSA-G Affected: v1.13 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XS-G Affected: v1.11 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X6000XST-G Affected: v1.14 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3000GST2-B Affected: v1.06 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-40883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-01T14:24:58.175059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-27T01:09:06.684Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-X1500GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1500GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSA-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X1800GSH-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GS2A-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.08 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-XE5400GSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.12 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000QSA-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.13 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XS-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.11 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X6000XST-G",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.14 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3000GST2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.06 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-12T08:10:08.667Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240730-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN06672778/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-40883",
        "datePublished": "2024-08-01T01:18:01.801Z",
        "dateReserved": "2024-07-26T08:52:14.749Z",
        "dateUpdated": "2026-05-12T08:10:08.667Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }