Skip to main content

Wrc Be72Xsd Ba

3 CVEs product

Monthly

CVE-2026-42062 CRITICAL Act Now

OS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthenticated remote attackers to execute arbitrary system commands via crafted username parameter without authentication. The vulnerability affects multiple enterprise and consumer access point models running firmware v1.1.0-1.1.1, with public disclosure by JPCERT/CC and vendor advisory available from ELECOM. CVSS 4.0 score of 9.3 reflects critical severity with network attack vector, low complexity, and no privilege requirements, enabling complete system compromise of affected wireless infrastructure devices.

Command Injection Wrc Be72Xsd B Wrc Be72Xsd Ba Wrc Be65Qsd B Wrc W702 B
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2026-40621 CRITICAL Act Now

Unauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows attackers to perform administrative operations via specific URLs that bypass authentication (CWE-288). With CVSS 4.0 score 9.3 (AV:N/AC:L/PR:N), this represents a critical access control failure enabling complete device compromise over the network. EPSS data not available; no confirmed active exploitation (not in CISA KEV) or public POC identified at time of analysis, though the vendor advisory from ELECOM and JPCERT coordination suggests real-world discovery.

Information Disclosure Wrc Be72Xsd B Wrc Be72Xsd Ba Wrc Be65Qsd B Wrc W702 B
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-35506 HIGH This Week

OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrary system commands via a crafted ping_ip_addr parameter. Affects multiple ELECOM WRC-series models including WRC-BE72XSD-B (v1.1.1 and earlier), WRC-BE65QSD-B (v1.1.0 and earlier), and WRC-W702-B (v1.1.0 and earlier). Despite the high CVSS 8.6 score, exploitation requires high-privilege (administrator) credentials, significantly limiting real-world risk to scenarios involving compromised admin accounts or malicious insiders. No active exploitation (KEV) or public POC has been identified at time of analysis. Vendor advisory available from ELECOM with remediation guidance.

Command Injection Wrc Be72Xsd B Wrc Be72Xsd Ba Wrc Be65Qsd B Wrc W702 B
NVD
CVSS 4.0
8.6
EPSS
0.2%
EPSS 0% CVSS 9.3
CRITICAL Act Now

OS command injection in ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 series) allows unauthenticated remote attackers to execute arbitrary system commands via crafted username parameter without authentication. The vulnerability affects multiple enterprise and consumer access point models running firmware v1.1.0-1.1.1, with public disclosure by JPCERT/CC and vendor advisory available from ELECOM. CVSS 4.0 score of 9.3 reflects critical severity with network attack vector, low complexity, and no privilege requirements, enabling complete system compromise of affected wireless infrastructure devices.

Command Injection Wrc Be72Xsd B Wrc Be72Xsd Ba +2
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated remote access to ELECOM wireless LAN access points (WRC-BE72XSD, WRC-BE65QSD, WRC-W702 models) allows attackers to perform administrative operations via specific URLs that bypass authentication (CWE-288). With CVSS 4.0 score 9.3 (AV:N/AC:L/PR:N), this represents a critical access control failure enabling complete device compromise over the network. EPSS data not available; no confirmed active exploitation (not in CISA KEV) or public POC identified at time of analysis, though the vendor advisory from ELECOM and JPCERT coordination suggests real-world discovery.

Information Disclosure Wrc Be72Xsd B Wrc Be72Xsd Ba +2
NVD
EPSS 0% CVSS 8.6
HIGH This Week

OS command injection in ELECOM wireless LAN access point devices allows authenticated administrators to execute arbitrary system commands via a crafted ping_ip_addr parameter. Affects multiple ELECOM WRC-series models including WRC-BE72XSD-B (v1.1.1 and earlier), WRC-BE65QSD-B (v1.1.0 and earlier), and WRC-W702-B (v1.1.0 and earlier). Despite the high CVSS 8.6 score, exploitation requires high-privilege (administrator) credentials, significantly limiting real-world risk to scenarios involving compromised admin accounts or malicious insiders. No active exploitation (KEV) or public POC has been identified at time of analysis. Vendor advisory available from ELECOM with remediation guidance.

Command Injection Wrc Be72Xsd B Wrc Be72Xsd Ba +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy