Wrc Be65Qsd B
Monthly
OS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthenticated remote attackers to execute arbitrary system commands via crafted username parameter without authentication. The vulnerability affects multiple enterprise and consumer access point models running firmware v1.1.0-1.1.1, with public disclosure by JPCERT/CC and vendor advisory available from ELECOM. CVSS 4.0 score of 9.3 reflects critical severity with network attack vector, low complexity, and no privilege requirements, enabling complete system compromise of affected wireless infrastructure devices.
Unauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows attackers to perform administrative operations via specific URLs that bypass authentication (CWE-288). With CVSS 4.0 score 9.3 (AV:N/AC:L/PR:N), this represents a critical access control failure enabling complete device compromise over the network. EPSS data not available; no confirmed active exploitation (not in CISA KEV) or public POC identified at time of analysis, though the vendor advisory from ELECOM and JPCERT coordination suggests real-world discovery.
OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrary system commands via a crafted ping_ip_addr parameter. Affects multiple ELECOM WRC-series models including WRC-BE72XSD-B (v1.1.1 and earlier), WRC-BE65QSD-B (v1.1.0 and earlier), and WRC-W702-B (v1.1.0 and earlier). Despite the high CVSS 8.6 score, exploitation requires high-privilege (administrator) credentials, significantly limiting real-world risk to scenarios involving compromised admin accounts or malicious insiders. No active exploitation (KEV) or public POC has been identified at time of analysis. Vendor advisory available from ELECOM with remediation guidance.
OS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthenticated remote attackers to execute arbitrary system commands via crafted username parameter without authentication. The vulnerability affects multiple enterprise and consumer access point models running firmware v1.1.0-1.1.1, with public disclosure by JPCERT/CC and vendor advisory available from ELECOM. CVSS 4.0 score of 9.3 reflects critical severity with network attack vector, low complexity, and no privilege requirements, enabling complete system compromise of affected wireless infrastructure devices.
Unauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows attackers to perform administrative operations via specific URLs that bypass authentication (CWE-288). With CVSS 4.0 score 9.3 (AV:N/AC:L/PR:N), this represents a critical access control failure enabling complete device compromise over the network. EPSS data not available; no confirmed active exploitation (not in CISA KEV) or public POC identified at time of analysis, though the vendor advisory from ELECOM and JPCERT coordination suggests real-world discovery.
OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrary system commands via a crafted ping_ip_addr parameter. Affects multiple ELECOM WRC-series models including WRC-BE72XSD-B (v1.1.1 and earlier), WRC-BE65QSD-B (v1.1.0 and earlier), and WRC-W702-B (v1.1.0 and earlier). Despite the high CVSS 8.6 score, exploitation requires high-privilege (administrator) credentials, significantly limiting real-world risk to scenarios involving compromised admin accounts or malicious insiders. No active exploitation (KEV) or public POC has been identified at time of analysis. Vendor advisory available from ELECOM with remediation guidance.