Lucene search

[email protected]NVD:CVE-2024-40883

HistoryAug 01, 2024 - 2:15 a.m.

CVE-2024-40883

2024-08-0102:15:02

CWE-352

[email protected]

web.nvd.nist.gov

cve-2024-40883

elecom

wireless lan

cross-site request forgery

routers

administrative privilege

unintended operations

security vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.

Affected configurations

Nvd

Node

elecomwrc-2533gs2-b_firmwareRange<1.69

AND

elecomwrc-2533gs2-bMatch-

Node

elecomwrc-2533gs2-w_firmwareRange<1.69

AND

elecomwrc-2533gs2-wMatch-

Node

elecomwrc-2533gs2v-b_firmwareRange<1.69

AND

elecomwrc-2533gs2v-bMatch-

Node

elecomwrc-x6000xs-g_firmwareRange<1.12

AND

elecomwrc-x6000xs-gMatch-

Node

elecomwrc-x1500gs-b_firmwareRange<1.12

AND

elecomwrc-x1500gs-b

Node

elecomwrc-x1500gsa-b_firmwareRange<1.12

AND

elecomwrc-x1500gsa-b

VendorProductVersionCPE
elecomwrc-2533gs2-b_firmware*cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-b-cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-w_firmware*cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-w-cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*
elecomwrc-2533gs2v-b_firmware*cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2v-b-cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:*
elecomwrc-x6000xs-g_firmware*cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*
elecomwrc-x6000xs-g-cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:*
elecomwrc-x1500gs-b_firmware*cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-x1500gs-b*cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc-2533gs2-b_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-b_firmware::::::::
elecom	wrc-2533gs2-b	-	cpe:2.3:h:elecom:wrc-2533gs2-b:-:::::::*
elecom	wrc-2533gs2-w_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-w_firmware::::::::
elecom	wrc-2533gs2-w	-	cpe:2.3:h:elecom:wrc-2533gs2-w:-:::::::*
elecom	wrc-2533gs2v-b_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware::::::::
elecom	wrc-2533gs2v-b	-	cpe:2.3:h:elecom:wrc-2533gs2v-b:-:::::::*
elecom	wrc-x6000xs-g_firmware	*	cpe:2.3:o:elecom:wrc-x6000xs-g_firmware::::::::
elecom	wrc-x6000xs-g	-	cpe:2.3:h:elecom:wrc-x6000xs-g:-:::::::*
elecom	wrc-x1500gs-b_firmware	*	cpe:2.3:o:elecom:wrc-x1500gs-b_firmware::::::::
elecom	wrc-x1500gs-b	*	cpe:2.3:h:elecom:wrc-x1500gs-b::::::::

Rows per page:

1-10 of 121

References

jvn.jp/en/jp/JVN06672778/

www.elecom.co.jp/news/security/20240730-01/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2024-40883

vulnrichment1 cve1 cvelist1 jvn1