CVE-2024-25579
6.8
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GS2-B | v1.67 and earlier | affected |
| ELECOM CO.,LTD. | WRC-1167GS2H-B | v1.67 and earlier | affected |
| ELECOM CO.,LTD. | WRC-1167GST2 | v1.32 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GS2-B | v1.62 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GS2-W | v1.62 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GS2V-B | v1.62 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GST2 | v1.30 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3200GST3-B | v1.25 and earlier | affected |
| ELECOM CO.,LTD. | WRC-G01-W | v1.24 and earlier | affected |
| ELECOM CO.,LTD. | WMC-X1800GST-B | v1.41 and earlier | affected |
| ELECOM CO.,LTD. | WMC-2LX2-B | v1.16 | affected |
| ELECOM CO.,LTD. | WMC-X1800GST2-B | v1.16 | affected |
| ELECOM CO.,LTD. | WSC-X1800GS2-B | v1.16 | affected |
Weaknesses
- OS command injection
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.