CVE-2024-22372 | THREATINT

Description

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.

PUBLISHED Reserved 2024-01-10 | Published 2024-01-24 | Updated 2026-05-12 | Assigner jpcert

MEDIUM: 6.8CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

v1.11 and earlier

affected

v1.11 and earlier

affected

v1.17 and earlier

affected

v1.17 and earlier

affected

v1.17 and earlier

affected

v1.08 and earlier

affected

v1.08 and earlier

affected

v1.08 and earlier

affected

v1.12 and earlier

affected

v1.12 and earlier

affected

v1.13 and earlier

affected

v1.13 and earlier

affected

v1.09

affected

v1.12 and earlier

affected

v1.06 and earlier

affected

References

www.elecom.co.jp/news/security/20240123-01/

jvn.jp/en/vu/JVNVU90908488/

www.elecom.co.jp/news/security/20240123-01/

jvn.jp/en/vu/JVNVU90908488/

cve.org (CVE-2024-22372)

nvd.nist.gov (CVE-2024-22372)

Download JSON