OS Command Injection Vulnerability in Elecom WRH-733GBK and WRH-733GWH
CVE-2025-43879

9.3CRITICAL

Key Information:

Vendor

Elecom Co.,ltd.

Status
Wrh-733gbk
Wrh-733gwh
Vendor
CVE Published:
24 June 2025

What is CVE-2025-43879?

Elecom's WRH-733GBK and WRH-733GWH routers are exposed to an OS command injection vulnerability in their telnet functionality. An unauthenticated remote attacker can exploit this flaw by sending specifically crafted requests, allowing them to execute arbitrary OS commands on the affected devices. This vulnerability poses a significant security risk, enabling potential unauthorized control over the routers and compromising network integrity. Users are advised to take immediate action to safeguard their devices against possible exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WRH-733GBK all versions

WRH-733GWH all versions

References

https://www.elecom.co.jp/news/security/20250624-02/
https://jvn.jp/en/jp/JVN39435597/

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.