CVE-2024-25579: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute...

6.8 CVSS

Description

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".

Classification

CVE ID: CVE-2024-25579

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.8

Affected Products

Vendor: ELECOM CO.,LTD.

Product: WRC-1167GS2-B

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.elecom.co.jp/news/security/20240220-01/
https://jvn.jp/en/vu/JVNVU99444194/

Timeline

2024-11-27 14:52:06 UTC
CVE
2024-12-04 00:11:27 UTC
CVE

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute...