CVE-2024-26258 | THREATINT

Description

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the product.

PUBLISHED Reserved 2024-03-19 | Published 2024-04-04 | Updated 2026-05-12 | Assigner jpcert

MEDIUM: 6.8CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

OS command injection

Product status

v1.25 and earlier

affected

v1.24 and earlier

affected

v1.32 and earlier

affected

v1.30 and earlier

affected

v1.42 and earlier

affected

v1.42 and earlier

affected

v1.42 and earlier

affected

References

www.elecom.co.jp/news/security/20240326-01/

jvn.jp/en/vu/JVNVU95381465/

www.elecom.co.jp/news/security/20240326-01/

jvn.jp/en/vu/JVNVU95381465/

cve.org (CVE-2024-26258)

nvd.nist.gov (CVE-2024-26258)

Download JSON