CVE-2025-53472

July 22, 2025 invoker category_cve

CVE Details

Basic Information

Title CVE-2025-53472
Type cve
Published 2025-07-22T09:30:01.735Z
Modified 2025-07-22T09:30:01.735Z

Product Information

Vendor ELECOM CO.,LTD.
Product WRC-BE36QS-B
Version v1.1.3 and earlier

CVSS Information

Base Score 7.2 (HIGH)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected Products

  • ELECOM CO.,LTD. WRC-BE36QS-B v1.1.3 and earlier
  • ELECOM CO.,LTD. WRC-W701-B v1.1.3 and earlier

Additional Information

CWE List CWE-78
Source jpcert

Description

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.