OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
History

Tue, 03 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Elecom wrc-1167gst2 Firmware
Elecom wrc-2533gst2 Firmware
CPEs cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
Vendors & Products Elecom wrc-1167gst2 Firmware
Elecom wrc-2533gst2 Firmware

Tue, 26 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
First Time appeared Elecom
Elecom wmc-x1800gst-b Firmware
Elecom wrc-1167gs2-b Firmware
Elecom wrc-1167gs2h-b Firmware
Elecom wrc-2533gs2-b Firmware
Elecom wrc-2533gs2-w Firmware
Elecom wrc-2533gs2v-b Firmware
Elecom wrc-g01-w Firmware
Elecom wrc-x3200gst3-b Firmware
CPEs cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
Vendors & Products Elecom
Elecom wmc-x1800gst-b Firmware
Elecom wrc-1167gs2-b Firmware
Elecom wrc-1167gs2h-b Firmware
Elecom wrc-2533gs2-b Firmware
Elecom wrc-2533gs2-w Firmware
Elecom wrc-2533gs2v-b Firmware
Elecom wrc-g01-w Firmware
Elecom wrc-x3200gst3-b Firmware
Metrics cvssV3_0

{'score': 6.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 28 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-02-28T23:08:49.598Z

Updated: 2024-12-03T17:10:28.400Z

Reserved: 2024-02-15T01:25:08.855Z

Link: CVE-2024-25579

cve-icon Vulnrichment

Updated: 2024-08-01T23:44:09.653Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-28T23:15:09.660

Modified: 2024-11-26T08:15:04.400

Link: CVE-2024-25579

cve-icon Redhat

No data.