Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

June 24, 2025

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

In its latest vulnerability disclosure, JPCERT/CC has sounded the alarm on multiple critical security flaws affecting a range of wireless LAN routers manufactured by ELECOM CO., LTD. The vulnerabiliti …

Published Date:
Jun 25, 2025 (2 hours, 26 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleFlaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks

Next Article Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

Highlights

CVE-2025-6801 – Marvell QConvergeConsole Directory Traversal Arbitrary File Write Vulnerability

July 7, 2025

CVE ID : CVE-2025-6801

Published : July 7, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the saveNICParamsToFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of SYSTEM. Was ZDI-CAN-24921.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It

Rilasciato KDE Plasma 6.4: Un’esperienza desktop avanzata, intuitiva e funzionale

Rilasciata HeliumOS 10: Distribuzione GNU/Linux Atomica e Immutabile basata su AlmaLinux

Cisco IMC Vulnerability Attackers to Access Internal Services with Elevated Privileges

CVE-2025-6801 – Marvell QConvergeConsole Directory Traversal Arbitrary File Write Vulnerability

CVE-2025-52081 – Netgear XR300 Stack-Based Buffer Overflow Vulnerability

U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme

CVE-2025-6674 – Drupal CKEditor5 Youtube Cross-Site Scripting (XSS)

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Critical Flaws in ELECOM Routers: JPCERT/CC Issues Warning Over Command Injection and XSS Risks

Related Posts