Search criteria
8 vulnerabilities found for WRC-2533GST2 firmware by ELECOM CO.,LTD.
JVNDB-2025-000041
Vulnerability from jvndb - Published: 2025-06-24 14:50 - Updated:2026-02-03 15:35
Severity ?
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-36519
- OS command injection in Connection Diagnostics page (CWE-78) - CVE-2025-41427
- Stored cross-site scripting in WebGUI (CWE-79) - CVE-2025-43877
- OS command injection in the telnet function (CWE-78) - CVE-2025-43879
- OS command injection in miniigd SOAP service (CWE-78) - CVE-2025-48890
References
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000041.html",
"dc:date": "2026-02-03T15:35+09:00",
"dcterms:issued": "2025-06-24T14:50+09:00",
"dcterms:modified": "2026-02-03T15:35+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\u003cli\u003eUnrestricted upload of file with dangerous type (CWE-434) - CVE-2025-36519\u003c/li\u003e\r\n\u003cli\u003eOS command injection in Connection Diagnostics page (CWE-78) - CVE-2025-41427\u003c/li\u003e\r\n\u003cli\u003eStored cross-site scripting in WebGUI (CWE-79) - CVE-2025-43877\u003c/li\u003e\r\n\u003cli\u003eOS command injection in the telnet function (CWE-78) - CVE-2025-43879\u003c/li\u003e\r\n\u003cli\u003eOS command injection in miniigd SOAP service (CWE-78) - CVE-2025-48890\u003c/li\u003e\r\n\u003c/ul\u003e\r\nCVE-2025-36519\r\nTien Phan reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2025-41427\r\nYoshiki Yuzawa of IssueHunt, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-43877\r\nKawauchi Manami of NEC Fielding,Ltd. and Toyama Taku of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2025-43879, CVE-2025-48890\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000041.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-1167ghbk2-s",
"@product": "WRC-1167GHBK2-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gsa_firmware",
"@product": "WRC-X3000GSA firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gsn_firmware",
"@product": "WRC-X3000GSN firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs_firmware",
"@product": "WRC-X3000GS firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrh-733gbk_firmware",
"@product": "WRH-733GBK firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrh-733gwh_firmware",
"@product": "WRH-733GWH firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000041",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN39435597/index.html",
"@id": "JVN#39435597",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-36519",
"@id": "CVE-2025-36519",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-41427",
"@id": "CVE-2025-41427",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-43877",
"@id": "CVE-2025-43877",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-43879",
"@id": "CVE-2025-43879",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-48890",
"@id": "CVE-2025-48890",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
}
JVNDB-2024-000078
Vulnerability from jvndb - Published: 2024-07-30 15:34 - Updated:2026-02-03 15:35
Severity ?
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2024-34021
OS Command Injection (CWE-78)
CVE-2024-39607
Cross-Site Request Forgery (CWE-352)
CVE-2024-40883
CVE-2024-34021
Toyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-39607, CVE-2024-40883
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
"dc:date": "2026-02-03T15:35+09:00",
"dcterms:issued": "2024-07-30T15:34+09:00",
"dcterms:modified": "2026-02-03T15:35+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nUnrestricted Upload of File with Dangerous Type (CWE-434)\r\nCVE-2024-34021\r\nOS Command Injection (CWE-78)\r\nCVE-2024-39607\r\nCross-Site Request Forgery (CWE-352)\r\nCVE-2024-40883\r\n\r\nCVE-2024-34021\r\nToyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39607, CVE-2024-40883\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GS-B",
"@product": "WRC-X1500GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1500GSA-B",
"@product": "WRC-X1500GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
"@product": "WRC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
"@product": "WRC-X1800GSA-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
"@product": "WRC-X1800GSH-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
"@product": "WRC-X3000GS2-B firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
"@product": "WRC-X3000GS2-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
"@product": "WRC-X3000GS2A-B firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qs-g",
"@product": "WRC-X6000QS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000qsa-g",
"@product": "WRC-X6000QSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
"@product": "WRC-X6000XS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
"@product": "WRC-X6000XST-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gs-g",
"@product": "WRC-XE5400GS-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-xe5400gsa-g",
"@product": "WRC-XE5400GSA-G",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000078",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06672778/",
"@id": "JVN#06672778",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-34021",
"@id": "CVE-2024-34021",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-39607",
"@id": "CVE-2024-39607",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-40883",
"@id": "CVE-2024-40883",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
}
JVNDB-2024-003025
Vulnerability from jvndb - Published: 2024-03-27 14:26 - Updated:2024-11-27 14:34
Severity ?
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2024-25568
* OS Command Injection (CWE-78) - CVE-2024-26258
* Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) - CVE-2024-29225
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003025.html",
"dc:date": "2024-11-27T14:34+09:00",
"dcterms:issued": "2024-03-27T14:26+09:00",
"dcterms:modified": "2024-11-27T14:34+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n * OS Command Injection (CWE-78) - CVE-2024-25568\r\n * OS Command Injection (CWE-78) - CVE-2024-26258\r\n * Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) - CVE-2024-29225\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003025.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-003025",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU95381465/index.html",
"@id": "JVNVU#95381465",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25568",
"@id": "CVE-2024-25568",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-26258",
"@id": "CVE-2024-26258",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-29225",
"@id": "CVE-2024-29225",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
}
JVNDB-2024-002831
Vulnerability from jvndb - Published: 2024-02-22 08:15 - Updated:2026-02-04 12:02
Severity ?
Summary
ELECOM wireless LAN routers vulnerable to OS command injection
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
| Type | URL | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002831.html",
"dc:date": "2026-02-04T12:02+09:00",
"dcterms:issued": "2024-02-22T08:15+09:00",
"dcterms:modified": "2026-02-04T12:02+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002831.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-2lx2-b",
"@product": "WMC-2LX2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-x1800gst2-b",
"@product": "WMC-X1800GST2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs2-b",
"@product": "WSC-X1800GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-002831",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU99444194/index.html",
"@id": "JVNVU#99444194",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-25579",
"@id": "CVE-2024-25579",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "ELECOM wireless LAN routers vulnerable to OS command injection"
}
JVNDB-2024-000020
Vulnerability from jvndb - Published: 2024-02-20 14:14 - Updated:2024-11-26 15:26
Severity ?
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Details
Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Cross-site Scripting (CWE-79) - CVE-2024-21798
- Cross-Site Request Forgery (CWE-352) - CVE-2024-23910
References
| Type | URL | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000020.html",
"dc:date": "2024-11-26T15:26+09:00",
"dcterms:issued": "2024-02-20T14:14+09:00",
"dcterms:modified": "2024-11-26T15:26+09:00",
"description": "Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n\u003cul\u003e\u003cli\u003eCross-site Scripting (CWE-79) - CVE-2024-21798\u003c/li\u003e\r\n\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2024-23910\u003c/li\u003e\u003c/ul\u003e\r\n\r\nCVE-2024-21798\r\nYamaguchi Kakeru of Fujitsu Limited reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-23910\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000020.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wmc-x1800gst-b",
"@product": "WMC-X1800GST-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
"@product": "WRC-2533GS2V-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-g01-w",
"@product": "WRC-G01-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-x3200gst3-b",
"@product": "WRC-X3200GST3-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wsc-x1800gs-b",
"@product": "WSC-X1800GS-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000020",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN44166658/index.html",
"@id": "JVN#44166658",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-21798",
"@id": "CVE-2024-21798",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23910",
"@id": "CVE-2024-23910",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater"
}
JVNDB-2021-004912
Vulnerability from jvndb - Published: 2021-12-02 17:16 - Updated:2022-03-30 16:11
Severity ?
Summary
Multiple vulnerabilities in multiple ELECOM routers
Details
Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20862
* OS command injection (CWE-78) - CVE-2021-20863
* Improper access control leading to unauthorized activation of telnet service
(CWE-284) - CVE-2021-20864
Chuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.
References
| Type | URL | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-004912.html",
"dc:date": "2022-03-30T16:11+09:00",
"dcterms:issued": "2021-12-02T17:16+09:00",
"dcterms:modified": "2022-03-30T16:11+09:00",
"description": "Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n * Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20862\r\n\r\n * OS command injection (CWE-78) - CVE-2021-20863\r\n\r\n * Improper access control leading to unauthorized activation of telnet service \r\n(CWE-284) - CVE-2021-20864\r\n\r\nChuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-004912.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:edwrc-2533gst2_firmware",
"@product": "EDWRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2hc-w_firmware",
"@product": "WMC-2HC-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-c2533gst-w_firmware",
"@product": "WMC-C2533GST-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-dlgst2-w_firmware",
"@product": "WMC-DLGST2-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-m1267gst2-w_firmware",
"@product": "WMC-M1267GST2-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2a_firmware",
"@product": "WRC-1167GST2A firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2h_firmware",
"@product": "WRC-1167GST2H firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gst2_firmware",
"@product": "WRC-1750GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gsv_firmware",
"@product": "WRC-1750GSV firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gs_firmware",
"@product": "WRC-1750GS firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst2sp_firmware",
"@product": "WRC-1900GST2SP firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst2_firmware",
"@product": "WRC-1900GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst_firmware",
"@product": "WRC-1900GST firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2-g_firmware",
"@product": "WRC-2533GST2-G firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2sp_firmware",
"@product": "WRC-2533GST2SP firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gsta_firmware",
"@product": "WRC-2533GSTA firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst_firmware",
"@product": "WRC-2533GST firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-004912",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU94527926/index.html",
"@id": "JVNVU#94527926",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20862",
"@id": "CVE-2021-20862",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20863",
"@id": "CVE-2021-20863",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20864",
"@id": "CVE-2021-20864",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20862",
"@id": "CVE-2021-20862",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20863",
"@id": "CVE-2021-20863",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20864",
"@id": "CVE-2021-20864",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/284.html",
"@id": "CWE-284",
"@title": "Improper Access Control(CWE-284)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in multiple ELECOM routers"
}
JVNDB-2021-000108
Vulnerability from jvndb - Published: 2021-11-30 16:23 - Updated:2022-03-29 16:18
Severity ?
Summary
Multiple vulnerabilities in multiple ELECOM LAN routers
Details
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* Buffer overflow (CWE-121) - CVE-2021-20852
* OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854
* Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856
* Cross-site scripting (CWE-79) - CVE-2021-20857
* Cross-site scripting (CWE-79) - CVE-2021-20858
* OS command injection (CWE-78) - CVE-2021-20859
* Cross-site request forgery (CWE-352) - CVE-2021-20860
* Improper access control (CWE-284) - CVE-2021-20861, CVE-2022-25915
CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20855, CVE-2021-20856
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20857, CVE-2021-20858
Imaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20859, CVE-2021-20860, CVE-2021-20861
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-25915
Katsuhiko Sato(a.k.a. goroh_kun) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000108.html",
"dc:date": "2022-03-29T16:18+09:00",
"dcterms:issued": "2021-11-30T16:23+09:00",
"dcterms:modified": "2022-03-29T16:18+09:00",
"description": "Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n* Buffer overflow (CWE-121) - CVE-2021-20852\r\n* OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854\r\n* Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856\r\n* Cross-site scripting (CWE-79) - CVE-2021-20857\r\n* Cross-site scripting (CWE-79) - CVE-2021-20858\r\n* OS command injection (CWE-78) - CVE-2021-20859\r\n* Cross-site request forgery (CWE-352) - CVE-2021-20860\r\n* Improper access control (CWE-284) - CVE-2021-20861, CVE-2022-25915\r\n\r\nCVE-2021-20852, CVE-2021-20853, CVE-2021-20854\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20855, CVE-2021-20856\r\nTomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20857, CVE-2021-20858\r\nImaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20859, CVE-2021-20860, CVE-2021-20861\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2022-25915\r\nKatsuhiko Sato(a.k.a. goroh_kun) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000108.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:edwrc-2533gst2_firmware",
"@product": "EDWRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-2hc-w_firmware",
"@product": "WMC-2HC-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-c2533gst-w_firmware",
"@product": "WMC-C2533GST-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-dlgst2-w_firmware",
"@product": "WMC-DLGST2-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wmc-m1267gst2-w_firmware",
"@product": "WMC-M1267GST2-W firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2-b_firmware",
"@product": "WRC-1167GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gs2h-b_firmware",
"@product": "WRC-1167GS2H-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2a_firmware",
"@product": "WRC-1167GST2A firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2h_firmware",
"@product": "WRC-1167GST2H firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gst2_firmware",
"@product": "WRC-1750GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gsv_firmware",
"@product": "WRC-1750GSV firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gs_firmware",
"@product": "WRC-1750GS firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst2sp_firmware",
"@product": "WRC-1900GST2SP firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst2_firmware",
"@product": "WRC-1900GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst_firmware",
"@product": "WRC-1900GST firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533ghbk-i_firmware",
"@product": "WRC-2533GHBK-I firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
"@product": "WRC-2533GS2-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
"@product": "WRC-2533GS2-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2-g_firmware",
"@product": "WRC-2533GST2-G firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2sp_firmware",
"@product": "WRC-2533GST2SP firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gsta_firmware",
"@product": "WRC-2533GSTA firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst_firmware",
"@product": "WRC-2533GST firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrh-733gbk_firmware",
"@product": "WRH-733GBK firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrh-733gwh_firmware",
"@product": "WRH-733GWH firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.0",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000108",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88993473/index.html",
"@id": "JVN#88993473",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20852",
"@id": "CVE-2021-20852",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20853",
"@id": "CVE-2021-20853",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20854",
"@id": "CVE-2021-20854",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20855",
"@id": "CVE-2021-20855",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20856",
"@id": "CVE-2021-20856",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20857",
"@id": "CVE-2021-20857",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20858",
"@id": "CVE-2021-20858",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20859",
"@id": "CVE-2021-20859",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20860",
"@id": "CVE-2021-20860",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20861",
"@id": "CVE-2021-20861",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25915",
"@id": "CVE-2022-25915",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20852",
"@id": "CVE-2021-20852",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20853",
"@id": "CVE-2021-20853",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20854",
"@id": "CVE-2021-20854",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20855",
"@id": "CVE-2021-20855",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20856",
"@id": "CVE-2021-20856",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20857",
"@id": "CVE-2021-20857",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20858",
"@id": "CVE-2021-20858",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20859",
"@id": "CVE-2021-20859",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20860",
"@id": "CVE-2021-20860",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20861",
"@id": "CVE-2021-20861",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-25915",
"@id": "CVE-2022-25915",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in multiple ELECOM LAN routers"
}
JVNDB-2020-000067
Vulnerability from jvndb - Published: 2020-10-05 15:33 - Updated:2020-10-05 15:33
Severity ?
Summary
OS command injection vulnerability in multiple ELECOM LAN routers
Details
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability (CWE-78).
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000067.html",
"dc:date": "2020-10-05T15:33+09:00",
"dcterms:issued": "2020-10-05T15:33+09:00",
"dcterms:modified": "2020-10-05T15:33+09:00",
"description": "Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability (CWE-78).\r\n\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000067.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-1167gst2_firmware",
"@product": "WRC-1167GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1750gst2_firmware",
"@product": "WRC-1750GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900gst2_firmware",
"@product": "WRC-1900GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-2533gst2_firmware",
"@product": "WRC-2533GST2 firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000067",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN82892096/index.html",
"@id": "JVN#82892096",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5634",
"@id": "CVE-2020-5634",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5634",
"@id": "CVE-2020-5634",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "OS command injection vulnerability in multiple ELECOM LAN routers"
}