CVE-2025-43877

MEDIUM

ELECOM WRC-1167GHBK2-S - Stored Cross-Site Scripting in WebGUI

Title source: llm
STIX 2.1

Description

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

References (2)

Core 2
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN39435597/

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 9.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
ELECOM CO.,LTD./WRC-1167GHBK2-S all versions
Published Jun 24, 2025
Tracked Since Feb 18, 2026