CVE-2026-20704
4.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X1500GS-B | v1.12 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X1500GSA-B | v1.12 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2-B | v1.09 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2-W | v1.09 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2A-B | v1.09 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GST2-B | v1.06 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X1800GS-B | v1.19 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X1800GSA-B | v1.19 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X1800GSH-B | v1.19 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000QS-G | v1.14 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000QSA-G | v1.14 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000XS-G | v1.12 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X6000XST-G | v1.16 and earlier | affected |
| ELECOM CO.,LTD. | WRC-XE5400GS-G | v1.13 and earlier | affected |
| ELECOM CO.,LTD. | WRC-XE5400GSA-G | v1.13 and earlier | affected |
Weaknesses
- CWE-352: Cross-site request forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.