N/A

WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed.

N/A

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Elecom多款产品 操作系统命令注入漏洞

Elecom WRC-X3000GS等都是日本Elecom公司的一款路由器。 Elecom WRC-X3000GS、Elecom WRC-X3000GSA和Elecom WRC-X3000GSN存在操作系统命令注入漏洞，该漏洞源于Connection Diagnostics页面命令注入导致任意OS命令执行。

N/A

N/A