CVE Tools

elecom co.,ltd.

Networking InfrastructureJPcommercial

56

Cumulative CVEs

8

Monthly snapshots

#43

Peak rank

Top products

wab-be187-m3 wab-be36-m3 wab-be36-s3

Latest CVEs

The 15 most recently published vulnerabilities affecting elecom co.,ltd..

CVE-2026-42961ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked ...4.3May 13, 2026
CVE-2026-42950ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin page on the user's web browser may ...4.3May 13, 2026
CVE-2026-42948Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another admin...4.8May 13, 2026
CVE-2026-42062ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentica...9.8May 13, 2026
CVE-2026-40621ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.9.8May 13, 2026
CVE-2026-35506ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrar...7.2May 13, 2026
CVE-2026-25107ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration file ...6.5May 13, 2026
CVE-2026-24465Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.9.8Feb 3, 2026
CVE-2026-24449For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.4.6Feb 3, 2026
CVE-2026-22550OS command injection vulnerability exists in ELECOM wireless LAN products. A crafted request from a logged-in user may lead to an arbitrary OS command execution.8.8Feb 3, 2026
CVE-2026-20704Cross-site request forgery vulnerability exists in ELECOM wireless LAN products. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.4.3Feb 3, 2026
CVE-2025-66271Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrar...6.7Dec 9, 2025
CVE-2025-46267Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.4.9Jul 22, 2025
CVE-2025-53472WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may ...7.2Jul 22, 2025
CVE-2025-48890WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated at...9.8Jun 24, 2025