CVE-2025-36519
📋 TL;DR
This vulnerability allows remote authenticated attackers to upload malicious files to affected ELECOM wireless routers, potentially leading to arbitrary code execution. Attackers must have valid credentials to exploit this flaw. The issue affects multiple WRC-series router models running firmware version 1.69 or earlier.
💻 Affected Systems
- WRC-2533GST2
- WRC-1167GST2
- WRC-2533GS2V-B
- WRC-2533GS2-B
- WRC-2533GS2-W
- WRC-1167GS2-B
- WRC-1167GS2H-B
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the router allowing attackers to intercept network traffic, modify device configuration, pivot to internal networks, or establish persistent backdoors.
Likely Case
Router compromise leading to network disruption, credential theft, or deployment of malware to connected devices.
If Mitigated
Limited impact if proper network segmentation and access controls prevent lateral movement from compromised routers.
🎯 Exploit Status
Exploitation requires authenticated access to the router's web interface. The vulnerability is in file upload functionality without proper validation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v1.70 or later
Vendor Advisory: https://www.elecom.co.jp/news/security/20250624-01/
Restart Required: Yes
Instructions:
1. Log into router admin interface. 2. Navigate to firmware update section. 3. Download latest firmware from ELECOM support site. 4. Upload and apply firmware update. 5. Reboot router after update completes.
🔧 Temporary Workarounds
Restrict Admin Access
allLimit router admin interface access to trusted IP addresses only
Disable Remote Management
allTurn off WAN-side access to router administration interface
🧯 If You Can't Patch
- Segment affected routers on isolated network VLANs
- Implement strict firewall rules to limit router communication to management networks only
🔍 How to Verify
Check if Vulnerable:
Check router firmware version via admin interface. If version is 1.69 or earlier, device is vulnerable.Check Version:
Login to router web interface and check System Status or Firmware Information pageVerify Fix Applied:
Confirm firmware version is 1.70 or later in router admin interface.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to router admin interface
- Multiple failed login attempts followed by successful login and file upload
Network Indicators:
- Unexpected outbound connections from router
- Unusual traffic patterns from router to external IPs
SIEM Query:
source="router_logs" AND (event="file_upload" OR event="firmware_update") AND user!="admin_legitimate"