Japan Vulnerability Notes, JVN:24885537
History: Aug 27, 2024 - 12:00 a.m.

JVN#24885537: Multiple vulnerabilities in ELECOM wireless LAN routers and access points

2024-08-27 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS3: 6.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: CHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 8.1
Confidence: High
EPSS: 0.001
Percentile: 17.7%

Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Cross-site scripting vulnerability due to improper processing of input values in easysetup.cgi and menu.cgi (CWE-79)
    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1
    CVE-2024-34577, CVE-2024-42412
  • Missing authentication in Telnet function (CWE-306)
    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.1
    CVE-2024-39300
  • Stack-based buffer overflow due to improper processing of input values in common.cgi (CWE-121)
    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
    CVE-2024-43689

Impact

  • If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user’s web browser (CVE-2024-34577, CVE-2024-42412)
  • When the Telnet function of the product is enabled, a remote attacker may log in to the product without authentication and alter the product’s settings (CVE-2024-39300)
  • By processing a specially crafted HTTP request, arbitrary code may be executed (CVE-2024-43689)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Products Affected

CVE-2024-34577

  • WRC-X3000GS2-B v1.08 and earlier

  • WRC-X3000GS2-W v1.08 and earlier

  • WRC-X3000GS2A-B v1.08 and earlier

CVE-2024-39300

  • WAB-I1750-PS v1.5.10 and earlier

CVE-2024-42412, CVE-2024-43689

  • WAB-I1750-PS v1.5.10 and earlier

  • WAB-S1167-PS v1.5.6 and earlier
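
The following is an added example, not part of the JVN advisory or ELECOM's tooling: a firmware triage check that matches a device inventory against the affected versions listed above. The inventory entries are constructed, and comparing version components as integers (so v1.08 is read as 1.8 and 1.5.10 sorts after 1.5.6) is an assumption about ELECOM's numbering.

```python
import re

# Last affected firmware per model, transcribed from "Products Affected" above.
AFFECTED = {
    "WRC-X3000GS2-B": ("1.08", ["CVE-2024-34577"]),
    "WRC-X3000GS2-W": ("1.08", ["CVE-2024-34577"]),
    "WRC-X3000GS2A-B": ("1.08", ["CVE-2024-34577"]),
    "WAB-I1750-PS": ("1.5.10", ["CVE-2024-39300", "CVE-2024-42412", "CVE-2024-43689"]),
    "WAB-S1167-PS": ("1.5.6", ["CVE-2024-42412", "CVE-2024-43689"]),
}

def parse_version(text):
    """Turn 'v1.5.10' or '1.08' into a tuple of ints (assumed numbering scheme)."""
    match = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unrecognized firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def triage(model, version, telnet_enabled):
    """Map each applicable CVE to True if it is reachable in this configuration."""
    entry = AFFECTED.get(model.strip().upper())
    if entry is None or parse_version(version) > parse_version(entry[0]):
        return {}
    # Per the Impact section, CVE-2024-39300 needs the Telnet function enabled;
    # the firmware is still affected when Telnet is off, so it stays listed.
    return {cve: (telnet_enabled if cve == "CVE-2024-39300" else True)
            for cve in entry[1]}

# Constructed sample inventory (hostnames and installed versions are made up).
INVENTORY = [
    ("ap-lobby", "WAB-I1750-PS", "v1.5.9", True),
    ("ap-lab", "WAB-S1167-PS", "1.5.10", False),
    ("ap-store", "WAB-I1750-PS", "1.5.10", False),
    ("rt-branch", "WRC-X3000GS2-W", "v1.08", False),
]

if __name__ == "__main__":
    for host, model, version, telnet in INVENTORY:
        result = triage(model, version, telnet)
        if not result:
            print(f"{host}: {model} {version} is not in the affected range")
            continue
        for cve, reachable in sorted(result.items()):
            state = "update firmware" if reachable else "update firmware (Telnet currently off)"
            print(f"{host}: {model} {version} {cve} -> {state}")
```

A plain string comparison would get two of these devices wrong: "1.5.9" sorts after "1.5.10" and "1.5.10" sorts before "1.5.6" as text.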
