CVE-2025-43877: Cross-site scripting (XSS) in ELECOM CO.,LTD. WRC-1167GHBK2-S

Severity: Medium
Type: Vulnerability
Published: Tue Jun 24 2025 (06/24/2025, 04:37:18 UTC)
Source: CVE Database V5
Vendor/Project: ELECOM CO.,LTD.
Product: WRC-1167GHBK2-S

Description

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product.

AI-Powered Analysis

Last updated: 06/24/2025, 05:10:34 UTC

Technical Analysis

CVE-2025-43877 is a stored cross-site scripting (XSS) vulnerability identified in the WebGUI interface of ELECOM CO.,LTD.'s WRC-1167GHBK2-S wireless router. This vulnerability affects all versions of the product. Stored XSS occurs when malicious scripts are permanently stored on the target server—in this case, within the router's web management interface—and subsequently executed in the browsers of users who access the affected WebGUI. Exploitation requires a user with at least limited privileges (as indicated by the CVSS vector requiring privileges) to interact with the interface, and user interaction is necessary to trigger the malicious script execution. The vulnerability allows an attacker to inject arbitrary JavaScript code that executes in the context of the victim's browser session, potentially leading to session hijacking, unauthorized actions on the router's interface, or theft of sensitive information such as authentication tokens. The CVSS score of 5.4 (medium severity) reflects the moderate impact on confidentiality and integrity, no impact on availability, and the requirement for user interaction and privileges for exploitation. The vulnerability has not been reported to be exploited in the wild, and no patches or mitigations have been officially released at the time of publication. The scope is considered changed (S:C), indicating that exploitation could affect resources beyond the vulnerable component, such as the router's administrative functions or connected network devices. Given the nature of the device as a network router, successful exploitation could undermine network security and management, especially if administrative users are targeted.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, particularly for those relying on ELECOM's WRC-1167GHBK2-S routers in their network infrastructure. Exploitation could allow attackers to execute arbitrary scripts within the administrative interface, potentially leading to unauthorized configuration changes, exposure of sensitive network information, or pivoting attacks within the internal network. This could compromise the confidentiality and integrity of network management operations and potentially facilitate further attacks such as lateral movement or data exfiltration. Organizations with remote or distributed management of network devices are especially at risk if administrative users access the WebGUI from less secure environments. The vulnerability's requirement for user interaction and privileges somewhat limits the attack surface but does not eliminate risk, especially in environments where multiple administrators or users have access to the router's interface. Additionally, the lack of patches increases the window of exposure. Given the router's role in managing network traffic, any compromise could disrupt business operations indirectly by undermining network security and trust.

Mitigation Recommendations

1. Restrict access to the router's WebGUI interface to trusted administrative networks only, using network segmentation and firewall rules to limit exposure.
2. Enforce strong authentication mechanisms and limit the number of users with administrative privileges to reduce the risk of exploitation.
3. Implement multi-factor authentication (MFA) for accessing the router's management interface if supported.
4. Monitor administrative access logs for unusual activity that could indicate attempted exploitation.
5. Educate administrators about the risks of interacting with untrusted content or links while logged into the router's WebGUI.
6. Where possible, disable or limit the use of the WebGUI interface and manage the router via more secure methods such as SSH or dedicated management tools.
7. Regularly check for firmware updates or security advisories from ELECOM and apply patches promptly once available.
8. Employ web application firewalls (WAF) or intrusion detection/prevention systems (IDS/IPS) that can detect and block XSS payloads targeting the router's management interface.
9. Conduct periodic security assessments of network devices to identify and remediate similar vulnerabilities proactively.

Technical Details

Data Version: 5.1
Assigner Short Name: jpcert
Date Reserved: 2025-06-17T00:52:56.152Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 685a2f8edec26fc862d9094f

Added to database: 6/24/2025, 4:54:38 AM

Last enriched: 6/24/2025, 5:10:34 AM

Last updated: 8/19/2025, 11:37:34 PM
