6.8
CVE-2024-22372
- EPSS 0.17%
- Veröffentlicht 24.01.2024 05:15:14
- Zuletzt bearbeitet 17.02.2025 06:15:12
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginOS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elecom ≫ Wrc-x1800gs-b Firmware Version < 1.18
Elecom ≫ Wrc-x1800gsh-b Firmware Version < 1.18
Elecom ≫ Wrc-x1800gsa-b Firmware Version < 1.18
Elecom ≫ Wrc-x6000xs-g Firmware Version1.09
Elecom ≫ Wrc-x6000xst-g Firmware Version < 1.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.391 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| vultures@jpcert.or.jp | 6.8 | 0.9 | 5.9 |
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.