CVE-2025-41427 | THREATINT

Description

WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

PUBLISHED Reserved 2025-06-17 | Published 2025-06-24 | Updated 2025-06-25 | Assigner jpcert

HIGH: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Product status

v1.0.34 and earlier

affected

v1.0.34 and earlier

affected

v1.0.9 and earlier

affected

References

www.elecom.co.jp/news/security/20250624-01/

jvn.jp/en/jp/JVN39435597/

cve.org (CVE-2025-41427)

nvd.nist.gov (CVE-2025-41427)

Download JSON