CVE-2024-22372 in WRC-X1800GS-B
Summary
by MITRE • 01/24/2024
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/17/2025
The CVE-2024-22372 vulnerability represents a critical operating system command injection flaw discovered in ELECOM wireless LAN routers, specifically targeting models within the WRC-X1800GS-B, WRC-X1800GSA-B, WRC-X1800GSH-B, WRC-X6000XS-G, and WRC-X6000XST-G product lines. This vulnerability operates at the application layer and fundamentally stems from inadequate input validation mechanisms within the router's web administration interface. The flaw manifests when the device fails to properly sanitize user-supplied input parameters before incorporating them into system commands, creating a direct pathway for malicious command execution. According to CWE-77 and CWE-88 classifications, this vulnerability aligns with command injection patterns where untrusted data flows directly into operating system commands without proper sanitization or encoding.
The technical exploitation of this vulnerability requires an attacker to be network-adjacent to the affected router and possess administrative privileges, typically obtained through prior authentication. Once authenticated, the attacker can craft malicious HTTP requests containing specially formatted payloads that bypass input validation checks. These payloads are then processed by the router's backend system and executed as legitimate operating system commands, potentially allowing full system compromise. The vulnerability's impact extends beyond simple command execution to include complete system control, data exfiltration, and potential lateral movement within the network. The affected versions indicate a widespread issue across multiple router models, suggesting a systemic flaw in the firmware development process rather than isolated component failure.
From an operational perspective, this vulnerability presents significant risk to organizations relying on ELECOM routers for network infrastructure. The combination of network adjacency requirement with administrative privilege access creates a realistic attack vector for insider threats or adjacent network compromise scenarios. The vulnerability enables attackers to execute arbitrary code with root privileges, potentially leading to persistent backdoors, data breaches, or complete network takeover. Attackers can leverage this flaw to install malware, modify network configurations, redirect traffic, or establish covert communication channels. The impact aligns with ATT&CK technique T1059.001 for command and scripting interpreter and T1068 for exploit for privilege escalation, demonstrating how this vulnerability can serve as a foundation for broader compromise operations.
Organizations should immediately implement mitigation strategies including firmware updates from ELECOM, network segmentation to limit adjacent access, and enhanced monitoring of administrative access patterns. The vulnerability's classification as a high-severity issue according to CVSS v3.1 scoring indicates the need for urgent remediation. Security teams should also conduct comprehensive network audits to identify all affected devices and establish network-based intrusion detection rules targeting known exploit patterns. Additionally, implementing principle of least privilege for administrative access and regular security assessments can help reduce the attack surface and prevent exploitation of similar vulnerabilities in the future.