fkie_nvd - fkie_cve-2025-53472

fkie_cve-2025-53472

Vulnerability from fkie_nvd

Published

2025-07-22 10:15

Modified

2025-07-22 13:05

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI.

References

▶	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU91615135/
	vultures@jpcert.or.jp	https://www.elecom.co.jp/news/security/20250722-01/

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WRC-BE36QS-B and WRC-W701-B contain an improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerability in WebGUI. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to WebGUI."
    },
    {
      "lang": "es",
      "value": "WRC-BE36QS-B y WRC-W701-B contienen una vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027Inyecci\u00f3n de comandos del sistema operativo\u0027) en WebGUI. Si se explota, un atacante remoto podr\u00eda ejecutar un comando arbitrario del sistema operativo al iniciar sesi\u00f3n en WebGUI."
    }
  ],
  "id": "CVE-2025-53472",
  "lastModified": "2025-07-22T13:05:40.573",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-22T10:15:25.280",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU91615135/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.elecom.co.jp/news/security/20250722-01/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Primary"
    }
  ]
}

CVE-2025-53472 (GCVE-0-2025-53472)

Vulnerability from cvelistv5

Published

2025-07-22 09:30

Modified

2025-07-22 19:52

Severity ?

7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-78 - Improper neutralization of special elements used in an OS command ('OS Command Injection')

Summary

References

►

URL

Tags

	https://www.elecom.co.jp/news/security/20250722-01/
	https://jvn.jp/en/vu/JVNVU91615135/

Impacted products

Vendor

Product

Version

►

ELECOM CO.,LTD.

WRC-BE36QS-B

Version: v1.1.3 and earlier

ELECOM CO.,LTD.

WRC-W701-B