CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
17.7%
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi (CWE-79) CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 CVE-2024-34577, CVE-2024-42412Missing authentication in Telnet function (CWE-306)CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.1 CVE-2024-39300Stack-based buffer overflow due to an improper processing of input values in common.cgi (CWE-121) CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 CVE-2024-43689
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
CVE-2024-34577
WRC-X3000GS2-B v1.08 and earlier
WRC-X3000GS2-W v1.08 and earlier
WRC-X3000GS2A-B v1.08 and earlier
CVE-2024-39300
WAB-I1750-PS v1.5.10 and earlier
CVE-2024-42412, CVE-2024-43689
WAB-I1750-PS v1.5.10 and earlier
WAB-S1167-PS v1.5.6 and earlier