OS Command Injection Vulnerability Affects WRC Products
CVE-2024-26258

6.8MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-x3200gst3-b; Wrc-g01-w; Wrc-1167gst2; Wrc-2533gst2
Vendor: CVE Published:; 4 April 2024

Summary

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

Affected Version(s)

WRC-1167GST2 v1.32 and earlier

WRC-2533GST2 v1.30 and earlier

WRC-G01-W v1.24 and earlier

References

https://www.elecom.co.jp/news/security/20240326-01/

https://jvn.jp/en/vu/JVNVU95381465/

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2024