Type a vendor name or a vulnerability id.



All the vulnerabilites related to ELECOM CO.,LTD. - WRC-X6000XST-G
jvndb-2024-001061
Vulnerability from jvndb
Published
2024-01-24 17:16
Modified
2024-08-28 17:12
Severity
6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
ELECOM wireless LAN routers vulnerable to OS command injection
Details
Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
TypeURL
JVN https://jvn.jp/en/vu/JVNVU90908488/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2024-22372
NVD https://nvd.nist.gov/vuln/detail/CVE-2024-22372
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
VendorProduct
ELECOM CO.,LTD.WRC-X1500GS-B
ELECOM CO.,LTD.WRC-X1500GSA-B
ELECOM CO.,LTD.WRC-X1800GS-B
ELECOM CO.,LTD.WRC-X1800GSA-B
ELECOM CO.,LTD.WRC-X1800GSH-B
ELECOM CO.,LTD.WRC-X3000GS2-B firmware
ELECOM CO.,LTD.WRC-X3000GS2-W firmware
ELECOM CO.,LTD.WRC-X3000GS2A-B firmware
ELECOM CO.,LTD.WRC-X6000XS-G
ELECOM CO.,LTD.WRC-X6000XST-G
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
  "dc:date": "2024-08-28T17:12+09:00",
  "dcterms:issued": "2024-01-24T17:16+09:00",
  "dcterms:modified": "2024-08-28T17:12+09:00",
  "description": "Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:elecom:wrc-x1500GS-B",
      "@product": "WRC-X1500GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
      "@product": "WRC-X1500GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
      "@product": "WRC-X1800GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
      "@product": "WRC-X1800GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
      "@product": "WRC-X1800GSH-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
      "@product": "WRC-X3000GS2-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
      "@product": "WRC-X3000GS2-W firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
      "@product": "WRC-X3000GS2A-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
      "@product": "WRC-X6000XS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
      "@product": "WRC-X6000XST-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2024-001061",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU90908488/index.html",
      "@id": "JVNVU#90908488",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-22372",
      "@id": "CVE-2024-22372",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22372",
      "@id": "CVE-2024-22372",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "ELECOM wireless LAN routers vulnerable to OS command injection"
}

cve-2024-22372
Vulnerability from cvelistv5
Published
2024-01-24 04:38
Modified
2024-09-09 06:37
Severity
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
References
URLTags
https://www.elecom.co.jp/news/security/20240123-01/
https://jvn.jp/en/vu/JVNVU90908488/
Impacted products
VendorProduct
ELECOM CO.,LTD.WRC-X1800GS-B
ELECOM CO.,LTD.WRC-X1800GSA-B
ELECOM CO.,LTD.WRC-X1800GSH-B
ELECOM CO.,LTD.WRC-X6000XS-G
ELECOM CO.,LTD.WRC-X6000XST-G
ELECOM CO.,LTD.WRC-X1500GS-B
ELECOM CO.,LTD.WRC-X1500GSA-B
ELECOM CO.,LTD.WRC-X3000GS2-B
ELECOM CO.,LTD.WRC-X3000GS2-W
ELECOM CO.,LTD.WRC-X3000GS2A-B
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20240123-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU90908488/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRC-X1800GS-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.17 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X1800GSA-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.17 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X1800GSH-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.17 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X6000XS-G",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.09"
            }
          ]
        },
        {
          "product": "WRC-X6000XST-G",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.12 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X1500GS-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.11 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X1500GSA-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.11 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X3000GS2-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.08 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X3000GS2-W",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.08 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X3000GS2A-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.08 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-09T06:37:44.578Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20240123-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU90908488/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-22372",
    "datePublished": "2024-01-24T04:38:20.199Z",
    "dateReserved": "2024-01-10T00:47:14.234Z",
    "dateUpdated": "2024-09-09T06:37:44.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}