Primary

Context

ELECOM Wireless LAN Products OS Command Injection Vulnerability

Vulnerability

Patched

A command injection vulnerability has been identified in ELECOM wireless LAN routers WRC-X1500GS-B and WRC-X1500GSA-B, both running firmware version 1.12 or earlier. This vulnerability allows a logged-in user to execute arbitrary operating system commands by sending a crafted request.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution by a logged-in user.

Remediation

Users are advised to update the firmware to version 1.13 or later. After updating, change the passwords for the admin page and Wi-Fi connection to strong, hard-to-guess ones.

Added: Feb 3, 2026, 7:20 AM

Updated: Feb 3, 2026, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

3.5

remediation

8.3

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

3.5

remediation

8.3

relevance

2.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ELECOM Wireless LAN Products OS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

ELECOM WRC-X1500GS-B

ELECOM WRC-X1500GSA-B

ELECOM WAB-S733IW2-PD

ELECOM WAB-S733IW-AC

ELECOM WAB-S300IW2-PD

ELECOM WAB-S300IW-AC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating