JVNDB-2025-000041

Multiple vulnerabilities in ELECOM wireless LAN routers

Overview

Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Unrestricted upload of file with dangerous type (CWE-434) - CVE-2025-36519

  • OS command injection in Connection Diagnostics page (CWE-78) - CVE-2025-41427

  • Stored cross-site scripting in WebGUI (CWE-79) - CVE-2025-43877

  • OS command injection in the telnet function (CWE-78) - CVE-2025-43879

  • OS command injection in miniigd SOAP service (CWE-78) - CVE-2025-48890


CVE-2025-36519
Tien Phan reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVE-2025-41427
Yoshiki Yuzawa of IssueHunt, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2025-43877
Kawauchi Manami of NEC Fielding,Ltd. and Toyama Taku of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2025-43879, CVE-2025-48890
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2025-43879.


CVSS V3 Severity:
Base Metrics: 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2025-48890.


CVSS V3 Severity:
Base Metrics: 8.8 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2025-41427.


CVSS V3 Severity:
Base Metrics: 5.4 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-43877.


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base score has been assigned to CVE-2025-36519.

Affected Products


ELECOM CO.,LTD.
  • WRC-1167GHBK2-S all versions (CVE-2025-43877)
  • WRC-1167GST2 firmware v1.34 and earlier (CVE-2025-36519)
  • WRC-2533GST2 firmware v1.31 and earlier (CVE-2025-36519)
  • WRC-X3000GS firmware v1.0.34 and earlier (CVE-2025-41427)
  • WRC-X3000GSA firmware v1.0.34 and earlier (CVE-2025-41427)
  • WRC-X3000GSN firmware v1.0.9 and earlier (CVE-2025-41427)
  • WRH-733GBK firmware all versions (CVE-2025-43879, CVE-2025-48890)
  • WRH-733GWH firmware all versions (CVE-2025-43879, CVE-2025-48890)

Impact

  • If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product (CVE-2025-36519)

  • If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed (CVE-2025-41427)

  • An arbitrary script may be executed in the web browser of a user who accesses the product's WebGUI (CVE-2025-43877)

  • If a remote unauthenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed (CVE-2025-43879, CVE-2025-48890)
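
The advisory does not publish the affected code, so the following is an illustration added here of the CWE-78 pattern behind a "Connection Diagnostics" style page, not ELECOM firmware: a ping target taken from the request and spliced into a shell command string, beside a hardened handler that validates the target as an IP literal or hostname and runs ping without a shell. It is written in Python for readability; the payload, the hostnames, and the assumption that the device's ping accepts "--" to end option parsing are constructed for the example.

```python
import ipaddress
import re
import subprocess

# Constructed payload of the kind CWE-78 is about: a diagnostics target that
# smuggles a second command behind a shell metacharacter.
CONSTRUCTED_PAYLOAD = "192.0.2.1; cat /etc/passwd"

# RFC 1123 hostname: labels of letters, digits and hyphens that neither start
# nor end with a hyphen, at most 253 characters overall, optional trailing dot.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*\.?$")


def vulnerable_command_line(host: str) -> str:
    """The CWE-78 anti-pattern: request input spliced into a shell command string.

    Anything the shell treats specially in `host` (; | & ` $( ) newline) becomes
    part of the command. The string is only returned for display here, never run."""
    return f"ping -c 3 {host}"


def validate_target(host: str) -> str:
    """Return `host` unchanged if it is an IPv4/IPv6 literal or a hostname.

    Everything else (shell metacharacters, whitespace, newlines, a leading '-')
    is rejected before it can reach a command line."""
    if not isinstance(host, str) or not host:
        raise ValueError("empty target")
    try:
        ipaddress.ip_address(host)  # accepts 192.0.2.1 and 2001:db8::1
        return host
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(host):
        return host
    raise ValueError(f"target is not an IP address or hostname: {host!r}")


def safe_ping_argv(host: str) -> list:
    """Build an argv for ping with the target as its own argument.

    No shell is involved, so metacharacters carry no meaning. '--' ends option
    parsing in getopt-based ping implementations (an assumption of this example),
    so even a target starting with '-' could not be read as an option; the
    validator already rejects such targets, so this is defence in depth."""
    return ["ping", "-c", "3", "--", validate_target(host)]


def run_ping(host: str, timeout: float = 15.0) -> subprocess.CompletedProcess:
    """Execute the diagnostic without a shell (a list argv means shell=False)."""
    return subprocess.run(safe_ping_argv(host), capture_output=True,
                          text=True, timeout=timeout)


def is_rejected(host: str) -> bool:
    """True if the hardened handler would refuse this target."""
    try:
        validate_target(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", vulnerable_command_line(CONSTRUCTED_PAYLOAD))
    print("hardened  :", "rejected" if is_rejected(CONSTRUCTED_PAYLOAD)
          else safe_ping_argv(CONSTRUCTED_PAYLOAD))
    print("hardened  :", safe_ping_argv("example.com"))
```

Run the file to see the two handlers side by side on the constructed payload. run_ping() is the only function that touches the network and is kept apart from the validator so the checks can be exercised offline; the allowlist approach (accept only what a target can legitimately be) is preferable to stripping a blocklist of metacharacters, which tends to miss one.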

Solution

CVE-2025-36519, CVE-2025-41427
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

CVE-2025-43877
[Stop using the products]
The developer states that the affected products are no longer supported and recommends that users stop using them.
Applying the following workarounds may mitigate the impact of this vulnerability until alternative products are adopted.
  • Change login password of WebGUI

  • Do not access other websites while logged in to WebGUI

  • Close the web browser after operating WebGUI

  • Delete the WebGUI login password stored in the web browser

CVE-2025-43879, CVE-2025-48890
[Stop using the products]
The developer states that the affected products are no longer supported and recommends that users stop using them.

Vendor Information

ELECOM CO.,LTD.

CWE

  1. OS Command Injection (CWE-78) [IPA Evaluation]
  2. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE

  1. CVE-2025-36519
  2. CVE-2025-41427
  3. CVE-2025-43877
  4. CVE-2025-43879
  5. CVE-2025-48890

References

  1. JVN : JVN#39435597

Revision History

  • [2025/06/24]
      Web page was published