Description

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

Classification

CVE ID: CVE-2024-22372

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.8

CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor: ELECOM CO.,LTD.

Product: WRC-X1500GS-B

Exploit Prediction Scoring System (EPSS)

EPSS Score: 1.07% (probability of being exploited)

EPSS Percentile: 76.27% (scored less or equal to compared to others)

EPSS Date: 2025-03-18 (when was this score calculated)

References

https://www.elecom.co.jp/news/security/20240123-01/
https://jvn.jp/en/vu/JVNVU90908488/

Timeline