CVE-2025-46267 - Vulnerability Details

Description

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.

Published: 2025-07-22

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ELECOM CO.,LTD.

WRC-BE36QS-B

affected

Version	Status	Constraints
`v1.1.3 and earlier`	affected	—

ELECOM CO.,LTD.

WRC-W701-B

affected

Version	Status	Constraints
`v1.1.3 and earlier`	affected	—

No data.

Vendor	Product	Confidence	Versions
Elecom	Wrc-be36qs-b	—	—
Elecom	Wrc-w701-b	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-22308	Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00057.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://jvn.jp/en/vu/JVNVU91615135/
https://www.elecom.co.jp/news/security/20250722-01/

History

Wed, 23 Jul 2025 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Elecom Elecom wrc-be36qs-b Elecom wrc-w701-b
Vendors & Products		Elecom Elecom wrc-be36qs-b Elecom wrc-w701-b

Tue, 22 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 22 Jul 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI.
Weaknesses		CWE-912
References		https://jvn.jp/en/vu/JVNVU91615135/ https://www.elecom.co.jp/news/security/20250722-01/
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Elecom Wrc-be36qs-b Wrc-w701-b

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2025-07-22T09:30:21.865Z

Updated: 2025-07-22T19:52:13.258Z

Reserved: 2025-07-11T04:29:09.104Z

Link: CVE-2025-46267

Vulnrichment

Updated: 2025-07-22T19:52:07.384Z

NVD

Status : Deferred

Published: 2025-07-22T10:15:24.640

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-46267

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-23T17:36:05Z

Weaknesses

CWE-912

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object