CVE-2026-20704

MEDIUM

WRC-X1500GS-B/WRC-X1500GSA-B - CSRF

Title source: llm

Description

Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malicious page while logged-in to the affected product, unintended operations may be performed.

References (2)

[Various Sources] https://www.elecom.co.jp/news/security/20260203-01/

[Third Party Advisory] https://jvn.jp/en/jp/JVN94012927/

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

ELECOM CO.,LTD./WRC-X1500GS-B v1.12 and earlier versions

ELECOM CO.,LTD./WRC-X1500GSA-B v1.12 and earlier versions

Published Feb 03, 2026

Tracked Since Feb 18, 2026