CVE-2024-40883

Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:elecom:wrc-x6000xs-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x6000xs-g:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:elecom:wrc-x1500gs-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x1500gs-b:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:elecom:wrc-x1500gsa-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x1500gsa-b:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-08-01 02:15

Updated : 2024-11-26 09:15


NVD link : CVE-2024-40883

Mitre link : CVE-2024-40883

CVE.ORG link : CVE-2024-40883


JSON object : View

Products Affected

elecom

  • wrc-2533gs2-w
  • wrc-x1500gs-b
  • wrc-x1500gs-b_firmware
  • wrc-x6000xs-g
  • wrc-x1500gsa-b
  • wrc-2533gs2-w_firmware
  • wrc-2533gs2v-b
  • wrc-x1500gsa-b_firmware
  • wrc-x6000xs-g_firmware
  • wrc-2533gs2-b
  • wrc-2533gs2v-b_firmware
  • wrc-2533gs2-b_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)