PatchSiren

ELECOM CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH ELECOM CVE published 2026-02-03

CVE-2026-22550

CVE-2026-22550 is a high-severity OS command injection vulnerability affecting certain ELECOM wireless LAN products. According to the vendor and NVD records, a crafted request from a logged-in user may lead to arbitrary OS command execution. The affected firmware entries in NVD are for WRC-X1500GSA-B and WRC-X1500GS-B, both up to firmware 1.13.

MEDIUM ELECOM CVE published 2026-02-03

CVE-2026-20704

CVE-2026-20704 is a cross-site request forgery issue affecting ELECOM wireless LAN products. The NVD record says that if a user accesses a malicious page while logged in to the affected product, unintended operations may be performed. NVD classifies the weakness as CWE-352 and gives the issue a CVSS 5.1 MEDIUM rating. The NVD entry has vulnerability status Deferred.

MEDIUM ELECOM CVE published 2024-08-30

CVE-2024-34577

CVE-2024-34577 is a cross-site scripting vulnerability in ELECOM router firmware affecting the easysetup.cgi handler. If a user is logged in and then views a malicious web page, attacker-controlled script may execute in that user's browser.

MEDIUM ELECOM CVE published 2024-04-04

CVE-2024-29225

CVE-2024-29225 is a medium-severity information disclosure issue in ELECOM wireless LAN routers. According to the published descriptions, a network-adjacent unauthenticated attacker can send a specially crafted request and obtain the device configuration file, which may contain sensitive information. The vulnerability was published on 2024-04-04 and is mapped to CWE-552 (Files or Directories Accessible to [truncated]