Elecom

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-24465 1Elecom 8Wab S300iw Ac Firmware Wab S300iw Pd FirmwareWab S300iw2 Pd Firmware+5 more Apr 14, 2026 Feb 3, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.
CVE-2026-24449 1Elecom 2Wrc X1500gs B Firmware Wrc X1500gsa B Firmware Apr 10, 2026 Feb 3, 2026 5.1 MEDIUM· v4 4.6 MEDIUM· v3 N/A· v2 For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
CVE-2026-22550 1Elecom 2Wrc X1500gs B Firmware Wrc X1500gsa B Firmware May 12, 2026 Feb 3, 2026 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
CVE-2024-43689 1Elecom 2Wab I1750 Ps Firmware Wab S1167 Ps Firmware Sep 4, 2025 Oct 21, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
CVE-2024-42412 1Elecom 2Wab I1750 Ps Firmware Wab S1167 Ps Firmware Sep 19, 2025 Aug 30, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script...Show more Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.Show less
CVE-2024-39300 1Elecom 1Wab I1750 Ps Firmware Sep 3, 2024 Aug 30, 2024 N/A· v4 3.7 LOW· v3 N/A· v2 Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and al...Show more Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings.Show less
CVE-2024-34577 1Elecom 3Wrc X3000gs2 B Firmware Wrc X3000gs2 W FirmwareWrc X3000gs2a B Firmware May 12, 2026 Aug 30, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while log...Show more Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.Show less
CVE-2024-40883 1Elecom 6Wrc 2533gs2 B Firmware Wrc 2533gs2 W FirmwareWrc 2533gs2v B Firmware+3 more Nov 26, 2024 Aug 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unin...Show more Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.Show less
CVE-2024-23910 1Elecom 11Wmc X1800gst B Firmware Wrc 1167gs2 B FirmwareWrc 1167gs2h B Firmware+8 more Apr 22, 2025 Feb 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended o...Show more Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".Show less
CVE-2024-21798 1Elecom 10Wmc X1800gst B Firmware Wrc 1167gs2 B FirmwareWrc 1167gs2h B Firmware+7 more Feb 14, 2025 Feb 28, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs...Show more ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".Show less
CVE-2024-22372 1Elecom 5Wrc X1800gs B Firmware Wrc X1800gsa B FirmwareWrc X1800gsh B Firmware+2 more Feb 17, 2025 Jan 24, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product...Show more OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.Show less
CVE-2023-49695 1Elecom 3Wrc X3000gs Firmware Wrc X3000gsa FirmwareWrc X3000gsn Firmware Nov 21, 2024 Dec 12, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary...Show more OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.Show less
CVE-2023-43757 1Elecom 34Lan W300n/p Firmware Lan W300n/rs FirmwareLan W301nr Firmware+31 more Nov 21, 2024 Nov 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN co...Show more Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.Show less
CVE-2023-43752 1Elecom 3Wrc X3000gs2 B Firmware Wrc X3000gs2 W FirmwareWrc X3000gs2a B Firmware Nov 21, 2024 Nov 16, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS comm...Show more OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.Show less
CVE-2023-40072 1Elecom 2Wab S300 Firmware Wab S600 Ps Firmware Jul 3, 2025 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
CVE-2023-40069 1Elecom 5Wrc 1167ghbk2 Firmware Wrc 1750ghbk E FirmwareWrc 1750ghbk2 I Firmware+2 more Nov 21, 2024 Aug 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions ar...Show more OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.Show less
CVE-2023-39944 1Elecom 2Wrc 1750ghbk Firmware Wrc F1167acf Firmware Nov 21, 2024 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
CVE-2023-39455 1Elecom 7Wrc 1467ghbk A Firmware Wrc 1467ghbk S FirmwareWrc 1900ghbk A Firmware+4 more Nov 21, 2024 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC...Show more OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.Show less
CVE-2023-39454 1Elecom 3Wrc X1800gs B Firmware Wrc X1800gsa B FirmwareWrc X1800gsh B Firmware Feb 17, 2025 Aug 18, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
CVE-2023-39445 1Elecom 7Wrc 1467ghbk A Firmware Wrc 1467ghbk S FirmwareWrc 1900ghbk A Firmware+4 more Nov 21, 2024 Aug 18, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain m...Show more Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.Show less

12 3 4 Next