Filtered by vendor Elecom
Subscribe
Search
Total
19 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49695 | 1 Elecom | 6 Wrc-x3000gs, Wrc-x3000gs Firmware, Wrc-x3000gsa and 3 more | 2023-12-15 | N/A | 6.8 MEDIUM |
| OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | |||||
| CVE-2023-43757 | 1 Elecom | 68 Lan-w300n\/p, Lan-w300n\/p Firmware, Lan-w300n\/rs and 65 more | 2023-12-01 | N/A | 6.5 MEDIUM |
| Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | |||||
| CVE-2023-37563 | 1 Elecom | 10 Wrc-1167febk-a, Wrc-1167febk-a Firmware, Wrc-1167febk-s and 7 more | 2023-08-18 | N/A | 6.5 MEDIUM |
| ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. | |||||
| CVE-2022-21799 | 1 Elecom | 2 Wrc-300febk-r, Wrc-300febk-r Firmware | 2022-02-11 | 2.9 LOW | 5.2 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20852 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 5.2 MEDIUM | 6.8 MEDIUM |
| Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2021-20854 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 5.2 MEDIUM | 6.8 MEDIUM |
| ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-20853 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 5.2 MEDIUM | 6.8 MEDIUM |
| ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-20855 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20862 | 1 Elecom | 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more | 2021-12-02 | 3.3 LOW | 4.3 MEDIUM |
| Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors. | |||||
| CVE-2021-20857 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20856 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20858 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2021-12-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20644 | 1 Elecom | 2 Wrc-1467ghbk-a, Wrc-1467ghbk-a Firmware | 2021-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page. | |||||
| CVE-2021-20650 | 1 Elecom | 2 Ncc-ewf100rmwh2, Ncc-ewf100rmwh2 Firmware | 2021-02-18 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
| CVE-2021-20645 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2021-02-15 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||
| CVE-2021-20646 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2021-02-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
| CVE-2021-20647 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2021-02-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. | |||||
| CVE-2021-20648 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2021-02-15 | 7.7 HIGH | 6.8 MEDIUM |
| ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2021-20649 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2021-02-15 | 5.8 MEDIUM | 4.8 MEDIUM |
| ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. | |||||