Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-GR39-677J-2H8C
Vulnerability from github – Published: 2024-02-29 00:30 – Updated: 2024-08-28 18:31
VLAI
Details
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.
Severity
6.8 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-25579"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-28T23:15:09Z",
"severity": "MODERATE"
},
"details": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.",
"id": "GHSA-gr39-677j-2h8c",
"modified": "2024-08-28T18:31:53Z",
"published": "2024-02-29T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25579"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/vu/JVNVU99444194"
},
{
"type": "WEB",
"url": "https://www.elecom.co.jp/news/security/20240220-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CVE-2024-25579 (GCVE-0-2024-25579)
Vulnerability from cvelistv5 – Published: 2024-02-28 23:08 – Updated: 2026-02-03 07:57
VLAI
EPSS
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
Severity
6.8 (Medium)
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
Impacted products
23 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GS2-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GS2H-B |
Affected:
v1.67 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GST2 |
Affected:
v1.32 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2-W |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GS2V-B |
Affected:
v1.62 and earlier
|
|
| ELECOM CO.,LTD. | WRC-2533GST2 |
Affected:
v1.30 and earlier
|
|
| ELECOM CO.,LTD. | WRC-X3200GST3-B |
Affected:
v1.25 and earlier
|
|
| ELECOM CO.,LTD. | WRC-G01-W |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WMC-X1800GST-B |
Affected:
v1.41 and earlier
|
|
| ELECOM CO.,LTD. | WMC-2LX2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WMC-X1800GST2-B |
Affected:
v1.16
|
|
| ELECOM CO.,LTD. | WSC-X1800GS2-B |
Affected:
v1.16
|
|
| elecom | wrc-1167gs2-b_firmware |
Affected:
0 , ≤ 1.67
(custom)
cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gs2h-b_firmware |
Affected:
0 , ≤ 1.67
(custom)
cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-b_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2-w_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gs2v-b_firmware |
Affected:
0 , ≤ 1.62
(custom)
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-x3200gst3-b_firmware |
Affected:
0 , ≤ 1.25
(custom)
cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-g01-w_firmware |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wmc-x1800gst-b_firmware |
Affected:
0 , ≤ 1.41
(custom)
cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gst2_firmware |
Affected:
0 , ≤ 1.32
(custom)
cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:* |
|
| elecom | wrc-2533gst2_firmware |
Affected:
0 , ≤ 1.30
(custom)
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU99444194/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gs2h-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.67",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gs2v-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.62",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-x3200gst3-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-g01-w_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wmc-x1800gst-b_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gst2_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-2533gst2_firmware",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.30",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-01T16:04:56.890317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T17:10:28.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GS2H-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.67 and earlier"
}
]
},
{
"product": "WRC-1167GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.32 and earlier"
}
]
},
{
"product": "WRC-2533GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GS2V-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.62 and earlier"
}
]
},
{
"product": "WRC-2533GST2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.30 and earlier"
}
]
},
{
"product": "WRC-X3200GST3-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.25 and earlier"
}
]
},
{
"product": "WRC-G01-W",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WMC-X1800GST-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.41 and earlier"
}
]
},
{
"product": "WMC-2LX2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WMC-X1800GST2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
},
{
"product": "WSC-X1800GS2-B",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en-US",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T07:57:43.515Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU99444194/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-25579",
"datePublished": "2024-02-28T23:08:49.598Z",
"dateReserved": "2024-02-15T01:25:08.855Z",
"dateUpdated": "2026-02-03T07:57:43.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…