Vulnerabilities in ELECOM CO.,LTD.
81 resultsCVE-2025-48890CRITICALWRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilitEPSS 2.6%CVE-2025-43879CRITICALWRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilitEPSS 2.6%CVE-2021-20651—Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to create an arbitrary file or overwrite an exEPSS 1.9%CVE-2023-37567—Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary EPSS 1.8%CVE-2026-22550HIGHOS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary EPSS 1.7%CVE-2026-42062CRITICALELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted requesEPSS 1.6%CVE-2023-40072HIGHOS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS commaEPSS 1.6%CVE-2026-35506HIGHELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processinEPSS 1.3%CVE-2024-21798MEDIUMELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affecteEPSS 1.3%CVE-2023-39455—OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sendingEPSS 1.3%CVE-2023-40069CRITICALOS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS cEPSS 1.2%CVE-2023-39944—OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the productEPSS 1.2%CVE-2021-20643—Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the administrative password of the affected devicEPSS 1.1%CVE-2024-25568HIGHOS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OSEPSS 1.1%CVE-2025-53472HIGHWRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilEPSS 1.1%CVE-2023-43752—OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlEPSS 1.0%CVE-2025-41427HIGHWRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command InjectEPSS 1.0%CVE-2023-37566—Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arEPSS 1.0%CVE-2024-43689HIGHStack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitraryEPSS 0.9%CVE-2023-39454HIGHBuffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.EPSS 0.9%