Wrc X1500Gsa B Firmware
CVE-2026-22550
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
AnalysisAI
Authenticated command injection in WRC-X1500GS-B and WRC-X1500GSA-B routers enables logged-in users to execute arbitrary OS commands through specially crafted requests. An attacker with valid credentials can gain complete system control over the affected devices. No patch is currently available to remediate this vulnerability.
Technical ContextAI
Classified as CWE-78 (OS Command Injection). OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS command execution.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Wrc X1500Gsa B Firmware
View allELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Rated high severity (CVSS 8.8), this vul
WRC-X1500GS-B and WRC-X1500GSA-B routers contain a weak credential derivation vulnerability where initial administrative
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today