Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an arbitrary OS command may be executed.
AnalysisAI
OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrary system commands via a crafted ping_ip_addr parameter. Affects multiple ELECOM WRC-series models including WRC-BE72XSD-B (v1.1.1 and earlier), WRC-BE65QSD-B (v1.1.0 and earlier), and WRC-W702-B (v1.1.0 and earlier). Despite the high CVSS 8.6 score, exploitation requires high-privilege (administrator) credentials, significantly limiting real-world risk to scenarios involving compromised admin accounts or malicious insiders. No active exploitation (KEV) or public POC has been identified at time of analysis. Vendor advisory available from ELECOM with remediation guidance.
Technical ContextAI
This vulnerability stems from improper neutralization of special elements used in OS commands (CWE-78), specifically in the ping diagnostic functionality common to network device web interfaces. The ping_ip_addr parameter, likely part of a network troubleshooting feature in the access point's administrative interface, fails to sanitize user input before passing it to system shell commands. When the device executes ping operations, unsanitized input allows injection of command separators (such as semicolons, pipes, or ampersands) to chain arbitrary commands. The affected products are enterprise and consumer wireless access points from ELECOM Co., Ltd., identified by CPE strings for WRC-BE72XSD-B/BA (WiFi 7 models), WRC-BE65QSD-B (WiFi 6E model), and WRC-W702-B variants. These devices run embedded Linux-based firmware with web management interfaces, where diagnostic tools like ping are commonly implemented through shell command execution rather than native API calls, creating injection risks when input validation is insufficient.
RemediationAI
Apply firmware updates from ELECOM as detailed in the vendor security advisory at https://www.elecom.co.jp/news/security/20260512-01/. Specific patched firmware versions are not independently confirmed from available data-consult the vendor advisory for exact upgrade paths for each affected model (WRC-BE72XSD-B/BA, WRC-BE65QSD-B, WRC-W702-B). Until patches are applied, implement compensating controls: restrict administrative interface access to dedicated management VLANs with strict IP allowlisting (blocks remote exploitation vector), enforce multi-factor authentication for all admin accounts (raises PR:H barrier further), disable remote management features if not operationally required (eliminates AV:N attack surface), and monitor access point system logs for unexpected ping utility invocations or shell command patterns. Note that disabling diagnostic features may impact troubleshooting workflows-balance security risk against operational requirements. As a longer-term control, rotate all administrative credentials following patch application to invalidate any previously compromised accounts.
More in Wrc Be72Xsd B
View allOS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthentic
Unauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows at
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29939
GHSA-p3g4-xxhh-7c6g