A cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. If a user views a malicious page while logged in to the affected product with administrative privileges, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN06672778/ | Third Party Advisory |
https://www.elecom.co.jp/news/security/20240730-01/ | Vendor Advisory |
History
23 Aug 2024, 16:52
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
CPE | cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x1500gsa-b:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:* |
|
CWE | CWE-352 | |
First Time |
Elecom wrc-2533gs2-w
Elecom wrc-2533gs2v-b Firmware Elecom wrc-x1500gs-b Firmware Elecom wrc-x6000xs-g Firmware Elecom wrc-x1500gsa-b Elecom wrc-x6000xs-g Elecom Elecom wrc-2533gs2-w Firmware Elecom wrc-2533gs2-b Firmware Elecom wrc-x1500gs-b Elecom wrc-x1500gsa-b Firmware Elecom wrc-2533gs2-b Elecom wrc-2533gs2v-b |
|
References | () https://jvn.jp/en/jp/JVN06672778/ - Third Party Advisory | |
References | () https://www.elecom.co.jp/news/security/20240730-01/ - Vendor Advisory |
01 Aug 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Aug 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-01 02:15
Updated : 2024-10-27 01:35
NVD link : CVE-2024-40883
Mitre link : CVE-2024-40883
CVE.ORG link : CVE-2024-40883
Products Affected
elecom
- wrc-x1500gsa-b
- wrc-2533gs2-w_firmware
- wrc-2533gs2-b
- wrc-x6000xs-g_firmware
- wrc-x1500gs-b
- wrc-2533gs2-b_firmware
- wrc-2533gs2v-b_firmware
- wrc-x6000xs-g
- wrc-x1500gs-b_firmware
- wrc-2533gs2v-b
- wrc-x1500gsa-b_firmware
- wrc-2533gs2-w
CWE
CWE-352
Cross-Site Request Forgery (CSRF)