Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN06672778/ | Third Party Advisory |
https://www.elecom.co.jp/news/security/20240730-01/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
No history.
Information
Published : 2024-08-01 02:15
Updated : 2024-11-26 09:15
NVD link : CVE-2024-40883
Mitre link : CVE-2024-40883
CVE.ORG link : CVE-2024-40883
JSON object : View
Products Affected
elecom
- wrc-2533gs2-w
- wrc-x1500gs-b
- wrc-x1500gs-b_firmware
- wrc-x6000xs-g
- wrc-x1500gsa-b
- wrc-2533gs2-w_firmware
- wrc-2533gs2v-b
- wrc-x1500gsa-b_firmware
- wrc-x6000xs-g_firmware
- wrc-2533gs2-b
- wrc-2533gs2v-b_firmware
- wrc-2533gs2-b_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)