Identifier: JVNVU#97499577 Vulnerability: OS command injection Affected Products: - WRC-X3000GSN v1.0.2 - WRC-X3000GS v1.0.24 and earlier - WRC-X3000GSA v1.0.24 and earlier Description: Wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability (CWE-78). Impact: If a logged-in user with an administrative privilege sends a specially crafted request to the product, an arbitrary OS command may be executed. Solution: Update the firmware to the latest version according to the information provided by the developer. CVSS Scores: - CVSS v3: Base Score 6.8 - CVSS v2: Base Score 5.2 Vendor Status: ELECOM CO.,LTD. is Vulnerable Credit: Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.