All the vulnerabilites related to ELECOM CO.,LTD. - WRC-X6000XST-G
jvndb-2024-001061
Vulnerability from jvndb
Published
2024-01-24 17:16
Modified
2024-08-28 17:12
Severity
Summary
ELECOM wireless LAN routers vulnerable to OS command injection
Details
Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/vu/JVNVU90908488/index.html |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-22372 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2024-22372 |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html", "dc:date": "2024-08-28T17:12+09:00", "dcterms:issued": "2024-01-24T17:16+09:00", "dcterms:modified": "2024-08-28T17:12+09:00", "description": "Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:wrc-x1500GS-B", "@product": "WRC-X1500GS-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1500GSA-B", "@product": "WRC-X1500GSA-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware", "@product": "WRC-X1800GS-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware", "@product": "WRC-X1800GSA-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware", "@product": "WRC-X1800GSH-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware", "@product": "WRC-X3000GS2-B firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware", "@product": "WRC-X3000GS2-W firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware", "@product": "WRC-X3000GS2A-B firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware", "@product": "WRC-X6000XS-G", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware", "@product": "WRC-X6000XST-G", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "5.2", "@severity": "Medium", "@type": "Base", "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2024-001061", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU90908488/index.html", "@id": "JVNVU#90908488", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-22372", "@id": "CVE-2024-22372", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22372", "@id": "CVE-2024-22372", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "ELECOM wireless LAN routers vulnerable to OS command injection" }
cve-2024-22372
Vulnerability from cvelistv5
Published
2024-01-24 04:38
Modified
2024-09-09 06:37
Severity
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20240123-01/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU90908488/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WRC-X1800GS-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.17 and earlier" } ] }, { "product": "WRC-X1800GSA-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.17 and earlier" } ] }, { "product": "WRC-X1800GSH-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.17 and earlier" } ] }, { "product": "WRC-X6000XS-G", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.09" } ] }, { "product": "WRC-X6000XST-G", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.12 and earlier" } ] }, { "product": "WRC-X1500GS-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.11 and earlier" } ] }, { "product": "WRC-X1500GSA-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.11 and earlier" } ] }, { "product": "WRC-X3000GS2-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.08 and earlier" } ] }, { "product": "WRC-X3000GS2-W", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.08 and earlier" } ] }, { "product": "WRC-X3000GS2A-B", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.08 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product." } ], "problemTypes": [ { "descriptions": [ { "description": "OS command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-09T06:37:44.578Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.elecom.co.jp/news/security/20240123-01/" }, { "url": "https://jvn.jp/en/vu/JVNVU90908488/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-22372", "datePublished": "2024-01-24T04:38:20.199Z", "dateReserved": "2024-01-10T00:47:14.234Z", "dateUpdated": "2024-09-09T06:37:44.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }