ELECOM WRH-733GBK and WRH-733GWH OS Command Injection Vulnerability in miniigd SOAP Service

A vulnerability allowing OS command injection has been identified in the miniigd SOAP service of ELECOM wireless LAN routers WRH-733GBK and WRH-733GWH, all versions. This vulnerability allows remote, unauthenticated attackers to execute arbitrary OS commands by sending specially crafted requests to the affected devices.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected router.

Remediation

ELECOM advises users to stop using the WRH-733GBK and WRH-733GWH routers, as these products are no longer supported. For WRC-1167GHBK2-S users, the developer recommends switching to an alternative product. Until then, users can change the WebGUI login password, avoid accessing other websites while logged into the WebGUI, close the browser after use, and delete the saved WebGUI password from the browser.