A cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. If a user views a malicious page while logged in to the affected product with administrative privileges, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN06672778/ | Third Party Advisory |
https://www.elecom.co.jp/news/security/20240730-01/ | Vendor Advisory |
History
23 Aug 2024, 16:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN06672778/ - Third Party Advisory | |
References | () https://www.elecom.co.jp/news/security/20240730-01/ - Vendor Advisory | |
CPE | cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x1500gsa-b:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:* | |
CWE | CWE-352 | |
First Time | Elecom wrc-2533gs2-w, Elecom wrc-2533gs2v-b Firmware, Elecom wrc-x1500gs-b Firmware, Elecom wrc-x6000xs-g Firmware, Elecom wrc-x1500gsa-b, Elecom wrc-x6000xs-g, Elecom, Elecom wrc-2533gs2-w Firmware, Elecom wrc-2533gs2-b Firmware, Elecom wrc-x1500gs-b, Elecom wrc-x1500gsa-b Firmware, Elecom wrc-2533gs2-b, Elecom wrc-2533gs2v-b | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
01 Aug 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
01 Aug 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-08-01 02:15
Updated : 2024-10-27 01:35
NVD link : CVE-2024-40883
Mitre link : CVE-2024-40883
CVE.ORG link : CVE-2024-40883
Products Affected
elecom
- wrc-x1500gs-b
- wrc-2533gs2-b
- wrc-2533gs2v-b
- wrc-2533gs2-b_firmware
- wrc-x1500gsa-b_firmware
- wrc-x1500gsa-b
- wrc-2533gs2v-b_firmware
- wrc-x6000xs-g_firmware
- wrc-x1500gs-b_firmware
- wrc-2533gs2-w_firmware
- wrc-x6000xs-g
- wrc-2533gs2-w
CWE
CWE-352
Cross-Site Request Forgery (CSRF)