汇总 Elecom 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 路径处理缺陷与内存损坏 等问题,部分漏洞可能导致 内存损坏,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-24465 | Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution. | [email protected] | 9.3 | 0.02% | 2026-02-03 | 2026-04-14 |
| CVE-2026-24449 | For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information. | [email protected] | 5.1 | 0.01% | 2026-02-03 | 2026-04-10 |
| CVE-2026-22550 | OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution. | [email protected] | 8.6 | 0.04% | 2026-02-03 | 2026-05-12 |
| CVE-2024-43689 | Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed. | [email protected] | 9.8 | 0.93% | 2024-10-21 | 2025-09-04 |
| CVE-2024-42412 | Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | [email protected] | 6.1 | 0.94% | 2024-08-30 | 2025-09-19 |
| CVE-2024-39300 | Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. | [email protected] | 3.7 | 0.39% | 2024-08-30 | 2024-09-03 |
| CVE-2024-34577 | Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. | [email protected] | 6.1 | 0.97% | 2024-08-30 | 2026-05-12 |
| CVE-2024-40883 | Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. | [email protected] | 8.8 | 0.23% | 2024-08-01 | 2024-11-26 |
| CVE-2024-23910 | Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B". | [email protected] | 8.8 | 0.21% | 2024-02-28 | 2025-04-22 |
| CVE-2024-21798 | ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". | [email protected] | 4.8 | 0.39% | 2024-02-28 | 2025-02-14 |
| CVE-2024-22372 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. | [email protected] | 6.8 | 0.17% | 2024-01-24 | 2025-02-17 |
| CVE-2023-49695 | OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | [email protected] | 6.8 | 0.17% | 2023-12-12 | 2024-11-21 |
| CVE-2023-43757 | Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | [email protected] | 6.5 | 0.04% | 2023-11-16 | 2024-11-21 |
| CVE-2023-43752 | OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | [email protected] | 8.0 | 0.16% | 2023-11-16 | 2024-11-21 |
| CVE-2023-40072 | OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | [email protected] | 8.8 | 2.57% | 2023-08-18 | 2025-07-03 |
| CVE-2023-40069 | OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. | [email protected] | 9.8 | 1.56% | 2023-08-18 | 2024-11-21 |
| CVE-2023-39944 | OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. | [email protected] | 8.8 | 1.25% | 2023-08-18 | 2024-11-21 |
| CVE-2023-39455 | OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. | [email protected] | 8.8 | 1.43% | 2023-08-18 | 2024-11-21 |
| CVE-2023-39454 | Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. | [email protected] | 9.8 | 0.73% | 2023-08-18 | 2025-02-17 |
| CVE-2023-39445 | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | [email protected] | 8.8 | 0.15% | 2023-08-18 | 2024-11-21 |