Primary

Context

ELECOM Wireless LAN Routers OS Command Injection Vulnerability in WebGUI

Vulnerability

Patched

A command injection vulnerability has been identified in the WebGUI of certain ELECOM wireless LAN routers, specifically the WRC-BE36QS-B and WRC-W701-B models, both running firmware version 1.1.3 or earlier. This vulnerability allows a remote attacker with WebGUI access to execute arbitrary operating system commands on the router.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected router.

Remediation

Users are advised to update the router's firmware to version 2.1.3 or later. Instructions for checking the current firmware version are available on the ELECOM website.

Added: Jul 22, 2025, 10:29 AM

Updated: Jul 22, 2025, 1:35 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ELECOM Wireless LAN Routers OS Command Injection Vulnerability in WebGUI

Vulnerability

Impact

Remediation

Affected Products

ELECOM WRC-BE36QS-B

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating