CVE-2024-22372
published 2024-01-24

CVE-2024-22372: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS…

Priority: P342 | medium | 6.8 (CVSS 3.1)
AV:A / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.82% (52.7th percentile)

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

Affected

20 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| elecom | wrc-x1800gs-b_firmware | < 1.18 | 1.18 |
| elecom | wrc-x1800gsa-b_firmware | < 1.18 | 1.18 |
| elecom | wrc-x1800gsh-b_firmware | < 1.18 | 1.18 |
| elecom | wrc-x6000xs-g_firmware | | |
| elecom | wrc-x6000xst-g_firmware | < 1.14 | 1.14 |
| elecom_co_ltd | wrc-x1500gs-b | | |
| elecom_co_ltd | wrc-x1500gsa-b | | |
| elecom_co_ltd | wrc-x1800gs-b | | |
| elecom_co_ltd | wrc-x1800gsa-b | | |
| elecom_co_ltd | wrc-x1800gsh-b | | |
| elecom_co_ltd | wrc-x3000gs2-b | | |
| elecom_co_ltd | wrc-x3000gs2-w | | |
| elecom_co_ltd | wrc-x3000gs2a-b | | |
| elecom_co_ltd | wrc-x3000gst2-b | | |
| elecom_co_ltd | wrc-x6000qs-g | | |
| elecom_co_ltd | wrc-x6000qsa-g | | |
| elecom_co_ltd | wrc-x6000xs-g | | |
| elecom_co_ltd | wrc-x6000xst-g | | |
| elecom_co_ltd | wrc-xe5400gs-g | | |
| elecom_co_ltd | wrc-xe5400gsa-g | | |

CVSS provenance

nvd | v3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 6.8 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H