Vulnerability Description
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU95381465/
- https://www.elecom.co.jp/news/security/20240326-01/
- https://jvn.jp/en/vu/JVNVU95381465/
- https://www.elecom.co.jp/news/security/20240326-01/
FAQ
What is CVE-2024-25568?
CVE-2024-25568 is a vulnerability with a CVSS score of 8.8 (HIGH). OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the prod...
How severe is CVE-2024-25568?
CVE-2024-25568 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25568?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.