CVE-2025-53472

Summary

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-BE36QS-Bv1.1.3 and earlieraffected
ELECOM CO.,LTD.WRC-W701-Bv1.1.3 and earlieraffected

Weaknesses

  • CWE-78: Improper neutralization of special elements used in an OS command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References