Filtered by vendor Elecom
Subscribe
Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40072 | 1 Elecom | 4 Wab-s300, Wab-s300 Firmware, Wab-s600-ps and 1 more | 2025-07-03 | N/A | 8.8 HIGH |
| OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | |||||
| CVE-2024-23910 | 1 Elecom | 22 Wmc-x1800gst-b, Wmc-x1800gst-b Firmware, Wrc-1167gs2-b and 19 more | 2025-04-22 | N/A | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B". | |||||
| CVE-2023-22368 | 2 Elecom, Microsoft | 3 Camera Assistant, Quickfiledealer, Windows | 2025-03-19 | N/A | 7.8 HIGH |
| Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2024-34577 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2025-03-13 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2024-22372 | 1 Elecom | 10 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 7 more | 2025-02-17 | N/A | 6.8 MEDIUM |
| OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | |||||
| CVE-2023-39454 | 1 Elecom | 6 Wrc-x1800gs-b, Wrc-x1800gs-b Firmware, Wrc-x1800gsa-b and 3 more | 2025-02-17 | N/A | 9.8 CRITICAL |
| Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. | |||||
| CVE-2024-21798 | 1 Elecom | 20 Wmc-x1800gst-b, Wmc-x1800gst-b Firmware, Wrc-1167gs2-b and 17 more | 2025-02-14 | N/A | 4.8 MEDIUM |
| ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | |||||
| CVE-2023-22282 | 2 Elecom, Microsoft | 2 Wab-mat, Windows | 2025-02-11 | N/A | 7.3 HIGH |
| WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | |||||
| CVE-2024-40883 | 1 Elecom | 12 Wrc-2533gs2-b, Wrc-2533gs2-b Firmware, Wrc-2533gs2-w and 9 more | 2024-11-26 | N/A | 8.8 HIGH |
| Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. | |||||
| CVE-2024-43689 | 1 Elecom | 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more | 2024-11-26 | N/A | 9.8 CRITICAL |
| Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed. | |||||
| CVE-2024-42412 | 1 Elecom | 4 Wab-i1750-ps, Wab-i1750-ps Firmware, Wab-s1167-ps and 1 more | 2024-11-26 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | |||||
| CVE-2023-37563 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2024-11-06 | N/A | 6.5 MEDIUM |
| ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. | |||||
| CVE-2023-35991 | 1 Elecom | 14 Lan-w300n\/dr, Lan-w300n\/dr Firmware, Lan-w300n\/p and 11 more | 2024-10-21 | N/A | 9.8 CRITICAL |
| Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. | |||||
| CVE-2023-40069 | 1 Elecom | 10 Wrc-1167ghbk2, Wrc-1167ghbk2 Firmware, Wrc-1750ghbk and 7 more | 2024-10-08 | N/A | 9.8 CRITICAL |
| OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. | |||||
| CVE-2023-49695 | 1 Elecom | 6 Wrc-x3000gs, Wrc-x3000gs Firmware, Wrc-x3000gsa and 3 more | 2024-10-08 | N/A | 6.8 MEDIUM |
| OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | |||||
| CVE-2023-32626 | 1 Elecom | 4 Lan-w300n\/pr5, Lan-w300n\/pr5 Firmware, Lan-w300n\/rs and 1 more | 2024-10-08 | N/A | 9.8 CRITICAL |
| Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | |||||
| CVE-2023-38132 | 1 Elecom | 2 Lan-w451ngr, Lan-w451ngr Firmware | 2024-10-08 | N/A | 8.8 HIGH |
| LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. | |||||
| CVE-2023-38576 | 1 Elecom | 2 Lan-wh300n\/re, Lan-wh300n\/re Firmware | 2024-10-08 | N/A | 8.0 HIGH |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | |||||
| CVE-2023-39445 | 1 Elecom | 14 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware, Wrc-1467ghbk-s and 11 more | 2024-10-08 | N/A | 8.8 HIGH |
| Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | |||||
| CVE-2024-39300 | 1 Elecom | 2 Wab-i1750-ps, Wab-i1750-ps Firmware | 2024-09-03 | N/A | 3.7 LOW |
| Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. | |||||