Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed. No authentication is required.
AnalysisAI
OS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthenticated remote attackers to execute arbitrary system commands via crafted username parameter without authentication. The vulnerability affects multiple enterprise and consumer access point models running firmware v1.1.0-1.1.1, with public disclosure by JPCERT/CC and vendor advisory available from ELECOM. CVSS 4.0 score of 9.3 reflects critical severity with network attack vector, low complexity, and no privilege requirements, enabling complete system compromise of affected wireless infrastructure devices.
Technical ContextAI
The vulnerability exists in the web management interface of ELECOM wireless access points, specifically in input validation routines processing the username parameter during authentication or user management operations. CWE-78 (OS Command Injection) indicates the application fails to properly sanitize user-supplied input before passing it to system shell commands, likely through unsafe functions like system(), exec(), or popen() in the device's embedded Linux firmware. The affected CPE entries identify four distinct product lines (WRC-BE72XSD-B, WRC-BE72XSD-BA, WRC-BE65QSD-B, WRC-W702-B) manufactured by ELECOM Co., Ltd., all sharing vulnerable firmware versions in the 1.1.x branch. These are WiFi 6E/7-capable enterprise access points running embedded web servers that expose administrative interfaces, making them attractive targets for network infrastructure compromise and lateral movement in enterprise environments.
RemediationAI
Apply firmware updates from ELECOM immediately by visiting the vendor security advisory at https://www.elecom.co.jp/news/security/20260512-01/ for patched firmware versions and installation instructions specific to each affected model (exact patched version numbers not specified in available data but should be obtained from vendor advisory). Until patching is completed, implement network-level compensating controls: isolate affected access points on dedicated management VLANs with strict firewall rules permitting administrative access only from jump hosts on trusted subnets; disable remote management interfaces entirely if not operationally required and restrict administration to local console access only; deploy intrusion prevention system (IPS) signatures to detect command injection attempts in HTTP requests to device management interfaces (note: evasion techniques may bypass signature detection). For internet-facing or guest network deployments, immediately remove devices from untrusted network segments as no effective workaround exists for unauthenticated remote vulnerabilities. Consider replacing with alternative vendor hardware if patching timeline exceeds acceptable risk window, as compromised network infrastructure devices provide persistent attacker footholds resistant to endpoint-focused detection.
More in Wrc Be72Xsd B
View allUnauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows at
OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrar
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29941
GHSA-mh6j-mmrp-wqc9