Vulnerabilidades en ELECOM CO.,LTD.
81 resultadosCVE-2022-21799—Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network EPSS 0.3%CVE-2021-20649—ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the coEPSS 0.3%CVE-2025-46267MEDIUMHidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remoEPSS 0.3%CVE-2025-36519MEDIUMUnrestricted upload of file with dangerous type issue exists in WRC-2533GST2, WRC-1167GST2, WRC-2533GST2, WRC-2533GS2V-B,WRC-2533GS2-B v1.69EPSS 0.3%CVE-2023-37563—ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtaiEPSS 0.3%CVE-2024-29225MEDIUMELECOM wireless LAN routers allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive informatEPSS 0.3%CVE-2024-23910MEDIUMCross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attEPSS 0.2%CVE-2024-42412MEDIUMCross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a userEPSS 0.2%CVE-2024-34577MEDIUMCross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing EPSS 0.2%CVE-2023-37562—Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a userEPSS 0.2%CVE-2026-42950MEDIUMELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page whileEPSS 0.2%CVE-2023-22368HIGHUntrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain priEPSS 0.2%CVE-2023-22282HIGHWAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces aEPSS 0.2%CVE-2024-40883MEDIUMCross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected prEPSS 0.2%CVE-2025-43877MEDIUMWRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the webEPSS 0.2%CVE-2026-24449MEDIUMFor WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.EPSS 0.2%CVE-2026-42961MEDIUMELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views aEPSS 0.2%CVE-2026-42948MEDIUMStored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious dEPSS 0.2%CVE-2026-20704MEDIUMCross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the EPSS 0.1%CVE-2025-66271HIGHClone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on thEPSS 0.1%