CVE-2024-40883

Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x1500gsa-b:*:*:*:*:*:*:*:*

History

23 Aug 2024, 16:52

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN06672778/ - () https://jvn.jp/en/jp/JVN06672778/ - Third Party Advisory
References () https://www.elecom.co.jp/news/security/20240730-01/ - () https://www.elecom.co.jp/news/security/20240730-01/ - Vendor Advisory
CPE cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x1500gsa-b:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*
CWE CWE-352
First Time Elecom wrc-2533gs2-w
Elecom wrc-2533gs2v-b Firmware
Elecom wrc-x1500gs-b Firmware
Elecom wrc-x6000xs-g Firmware
Elecom wrc-x1500gsa-b
Elecom wrc-x6000xs-g
Elecom
Elecom wrc-2533gs2-w Firmware
Elecom wrc-2533gs2-b Firmware
Elecom wrc-x1500gs-b
Elecom wrc-x1500gsa-b Firmware
Elecom wrc-2533gs2-b
Elecom wrc-2533gs2v-b
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

01 Aug 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross-site request forgery en los enrutadores LAN inalámbricos ELECOM. Al ver una página maliciosa mientras inicia sesión en el producto afectado con un privilegio administrativo, se puede dirigir al usuario a realizar operaciones no deseadas, como cambiar el ID de inicio de sesión, la contraseña de inicio de sesión, etc.

01 Aug 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-01 02:15

Updated : 2024-10-27 01:35


NVD link : CVE-2024-40883

Mitre link : CVE-2024-40883

CVE.ORG link : CVE-2024-40883


JSON object : View

Products Affected

elecom

  • wrc-x1500gs-b
  • wrc-2533gs2-b
  • wrc-2533gs2v-b
  • wrc-2533gs2-b_firmware
  • wrc-x1500gsa-b_firmware
  • wrc-x1500gsa-b
  • wrc-2533gs2v-b_firmware
  • wrc-x6000xs-g_firmware
  • wrc-x1500gs-b_firmware
  • wrc-2533gs2-w_firmware
  • wrc-x6000xs-g
  • wrc-2533gs2-w
CWE
CWE-352

Cross-Site Request Forgery (CSRF)