Elecom CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Elecom CVE published 2026-02-03

CVE-2026-22550

CVE-2026-22550 is a high-severity OS command injection vulnerability affecting certain ELECOM wireless LAN products. According to the vendor and NVD records, a crafted request from a logged-in user may lead to arbitrary OS command execution. The affected firmware entries in NVD are for WRC-X1500GSA-B and WRC-X1500GS-B, both up to firmware 1.13.

MEDIUM Elecom CVE published 2024-08-30

CVE-2024-34577

CVE-2024-34577 is a cross-site scripting vulnerability in Elecom router firmware affecting the easysetup.cgi handler. If a user is logged in and then views a malicious web page, attacker-controlled script may execute in that user's browser.