
CVE-2025-36519: Unrestricted upload of file with dangerous type in ELECOM CO.,LTD. WRC-2533GST2

Medium
Published: Tue Jun 24 2025 (06/24/2025, 04:36:57 UTC)
Source: CVE Database V5
Vendor/Project: ELECOM CO.,LTD.
Product: WRC-2533GST2

Description

Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may be executed on the product.

AI-Powered Analysis

Last updated: 06/24/2025, 05:10:50 UTC

Technical Analysis

CVE-2025-36519 is a medium-severity vulnerability affecting ELECOM CO.,LTD.'s wireless router models WRC-2533GST2 and WRC-1167GST2, specifically versions v1.31 and earlier. The vulnerability arises from an unrestricted file upload mechanism that fails to properly restrict the types of files that authenticated users can upload. This flaw allows a remote attacker with valid authentication credentials to upload specially crafted files containing malicious payloads. Because the device does not adequately validate or sanitize the uploaded file types, the attacker can execute arbitrary code on the affected router. This could lead to unauthorized control over the device, potentially allowing the attacker to manipulate network traffic, intercept sensitive data, or pivot to other devices on the network.

The CVSS 3.0 base score is 4.3, indicating a medium severity level, with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This means the attack can be performed remotely over the network with low attack complexity, requires low privileges (authenticated user), no user interaction, and impacts the integrity of the device but not confidentiality or availability.

No known exploits are currently reported in the wild, and no patches or mitigations have been officially published yet. The vulnerability is significant because routers are critical network infrastructure components, and compromise could have cascading effects on network security and privacy.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to network infrastructure security. Compromise of ELECOM WRC-2533GST2 or WRC-1167GST2 routers could allow attackers to execute arbitrary code, potentially leading to unauthorized network access, interception of sensitive communications, or disruption of network services. While the impact on confidentiality and availability is rated as none or low, the integrity impact could enable attackers to alter router configurations, redirect traffic, or create persistent backdoors. This is particularly concerning for organizations relying on these routers in sensitive environments such as corporate offices, government agencies, or critical infrastructure sectors. Given that the exploit requires authenticated access, insider threats or compromised credentials could facilitate exploitation. The lack of user interaction requirement increases the risk of automated attacks once credentials are obtained. Although no exploits are currently known in the wild, the vulnerability could be leveraged in targeted attacks or as part of a broader campaign to infiltrate organizational networks.

Mitigation Recommendations

1. Immediately inventory and identify all ELECOM WRC-2533GST2 and WRC-1167GST2 devices running firmware version v1.31 or earlier within the network.
2. Restrict administrative access to these devices by enforcing strong authentication mechanisms, including multi-factor authentication where possible, to reduce the risk of credential compromise.
3. Implement network segmentation to isolate these routers from critical systems and sensitive data, limiting the potential impact of a compromised device.
4. Monitor router logs and network traffic for unusual file upload activities or unauthorized configuration changes that could indicate exploitation attempts.
5. Apply strict access control policies to limit which users can upload files or perform administrative functions on the routers.
6. Engage with ELECOM or authorized vendors to obtain firmware updates or patches addressing this vulnerability as soon as they become available.
7. As a temporary workaround, disable or restrict file upload functionalities if feasible, or implement additional filtering at network perimeter devices to detect and block malicious payloads.
8. Conduct regular security awareness training for administrators to recognize and prevent credential theft or misuse.

These steps go beyond generic advice by focusing on access control hardening, network segmentation, and proactive monitoring tailored to the nature of this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-06-17T00:53:00.646Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 685a2f8edec26fc862d90947

Added to database: 6/24/2025, 4:54:38 AM

Last enriched: 6/24/2025, 5:10:50 AM

Last updated: 8/15/2025, 4:36:21 PM
