Wrc X1500Gsa B Firmware
CVE-2026-24449
MEDIUM
Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
AnalysisAI
WRC-X1500GS-B and WRC-X1500GSA-B routers contain a weak credential derivation vulnerability where initial administrative passwords can be predicted from publicly available system information, potentially allowing unauthenticated attackers to gain administrative access. The vulnerability requires physical proximity to the device to obtain necessary system details, limiting its practical exploitability. No patch is currently available for affected devices.
Technical ContextAI
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.
RemediationAI
Monitor vendor advisories for a patch.
More in Wrc X1500Gsa B Firmware
View allELECOM wireless LAN access point devices have a stack-based buffer overflow that allows remote attackers to execute code
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Rated high severity (CVSS 8.8), this vul
Authenticated command injection in WRC-X1500GS-B and WRC-X1500GSA-B routers enables logged-in users to execute arbitrary
Same weakness CWE-1391 – Use of Weak Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today