Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
References
| Link | Resource |
|---|---|
| https://jvn.jp/en/jp/JVN44166658/ | Third Party Advisory |
| https://www.elecom.co.jp/news/security/20240220-01/ | Vendor Advisory |
| https://jvn.jp/en/jp/JVN44166658/ | Third Party Advisory |
| https://www.elecom.co.jp/news/security/20240220-01/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
History
14 Feb 2025, 15:32
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-x3200gst3-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-g01-w:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wsc-x1800gs-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wmc-x1800gst-b:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wmc-x1800gst-b_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wsc-x1800gs-b:-:*:*:*:*:*:*:* |
|
| References | () https://jvn.jp/en/jp/JVN44166658/ - Third Party Advisory | |
| References | () https://www.elecom.co.jp/news/security/20240220-01/ - Vendor Advisory | |
| First Time |
Elecom wmc-x1800gst-b Firmware
Elecom Elecom wrc-2533gs2-w Elecom wrc-1167gs2h-b Firmware Elecom wrc-2533gs2v-b Firmware Elecom wrc-1167gs2-b Elecom wrc-2533gst2 Firmware Elecom wrc-2533gs2-b Firmware Elecom wrc-1167gst2 Firmware Elecom wrc-x3200gst3-b Elecom wrc-2533gst2 Elecom wrc-2533gs2-w Firmware Elecom wrc-x3200gst3-b Firmware Elecom wmc-x1800gst-b Elecom wrc-g01-w Firmware Elecom wsc-x1800gs-b Firmware Elecom wrc-1167gst2 Elecom wrc-2533gs2-b Elecom wrc-1167gs2h-b Elecom wrc-g01-w Elecom wrc-2533gs2v-b Elecom wrc-1167gs2-b Firmware Elecom wsc-x1800gs-b |
Information
Published : 2024-02-28 23:15
Updated : 2025-04-22 16:15
NVD link : CVE-2024-23910
Mitre link : CVE-2024-23910
CVE.ORG link : CVE-2024-23910
JSON object : View
Products Affected
elecom
- wrc-2533gs2v-b_firmware
- wsc-x1800gs-b
- wrc-1167gst2
- wrc-2533gs2-w
- wrc-2533gs2-w_firmware
- wrc-2533gst2_firmware
- wrc-g01-w_firmware
- wsc-x1800gs-b_firmware
- wrc-1167gs2h-b_firmware
- wrc-1167gs2h-b
- wrc-1167gs2-b
- wrc-2533gs2-b
- wrc-2533gs2-b_firmware
- wmc-x1800gst-b_firmware
- wmc-x1800gst-b
- wrc-1167gs2-b_firmware
- wrc-2533gst2
- wrc-g01-w
- wrc-x3200gst3-b
- wrc-x3200gst3-b_firmware
- wrc-1167gst2_firmware
- wrc-2533gs2v-b
CWE
CWE-352
Cross-Site Request Forgery (CSRF)