CVE-2025-53472

CVSS 8.6 HIGHEPSS 1.1%CWE-78

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

ELECOM CO.,LTD. · WRC-BE36QS-B ELECOM CO.,LTD. · WRC-W701-B

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://jvn.jp/en/vu/JVNVU91615135/https://www.elecom.co.jp/news/security/20250722-01/