Japan Vulnerability NotesJVN:44166658JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater
Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
Cross-site Scripting (CWE-79) - CVE-2024-21798
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | Base Score: 4.8 |
| CVSS v2 | AV:N/AC:M/Au:S/C:N/I:P/A:N | Base Score: 3.5 |
Cross-Site Request Forgery (CWE-352) - CVE-2024-23910
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Impact
- Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser - CVE-2024-21798
- If an administrative user logs in to the affected product and views a malicious page, it may trick the user to perform unintended operations to the affected product - CVE-2024-23910
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Products Affected
CVE-2024-21798
-
WRC-1167GS2-B v1.67 and earlier
-
WRC-1167GS2H-B v1.67 and earlier
-
WRC-2533GS2-B v1.62 and earlier
-
WRC-2533GS2-W v1.62 and earlier
-
WRC-2533GS2V-B v1.62 and earlier
-
WRC-X3200GST3-B v1.25 and earlier
-
WRC-G01-W v1.24 and earlier
-
WMC-X1800GST-B v1.41 and earlier
CVE-2024-23910 -
WRC-1167GS2-B v1.67 and earlier
-
WRC-1167GS2H-B v1.67 and earlier
-
WRC-2533GS2-B v1.62 and earlier
-
WRC-2533GS2-W v1.62 and earlier
-
WRC-2533GS2V-B v1.62 and earlier
-
WRC-X3200GST3-B v1.25 and earlier
-
WRC-G01-W v1.24 and earlier
-
WMC-X1800GST-B v1.41 and earlier
-
WSC-X1800GS-B v1.41 and earlier
WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit “WMC-2LX-B” provided by ELECOM CO.,LTD.
Related
