File Upload Vulnerability in WRC-2533GST2 and WRC-1167GST2 by Elecom
CVE-2025-36519

5.3MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-2533gst2; Wrc-1167gst2
Vendor: CVE Published:; 24 June 2025

🔔 Create Elecom Co.,ltd. Vulnerability Alert

What is CVE-2025-36519?

A security issue has been identified in Elecom's WRC-2533GST2 and WRC-1167GST2 devices that allows authenticated remote attackers to upload malicious files. This vulnerability permits the execution of arbitrary code on the affected devices, potentially allowing unauthorized access and control. Enterprise users should immediately assess their systems and implement measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

WRC-1167GST2 v1.34 and earlier

WRC-2533GST2 v1.31 and earlier

References

https://www.elecom.co.jp/news/security/20250624-01/

https://jvn.jp/en/jp/JVN39435597/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Jun 17, 2025