8.8

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ElecomWrc-1167gs2-b Firmware Version < 1.73
   ElecomWrc-1167gs2-b Version-
ElecomWrc-1167gs2h-b Firmware Version < 1.73
   ElecomWrc-1167gs2h-b Version-
ElecomWrc-1167gst2 Firmware Version < 1.34
   ElecomWrc-1167gst2 Version-
ElecomWrc-2533gs2-b Firmware Version < 1.68
   ElecomWrc-2533gs2-b Version-
ElecomWrc-2533gs2-w Firmware Version < 1.68
   ElecomWrc-2533gs2-w Version-
ElecomWrc-2533gs2v-b Firmware Version < 1.68
   ElecomWrc-2533gs2v-b Version-
ElecomWrc-2533gst2 Firmware Version < 1.31
   ElecomWrc-2533gst2 Version-
ElecomWrc-x3200gst3-b Firmware Version < 1.27
   ElecomWrc-x3200gst3-b Version-
ElecomWrc-g01-w Firmware Version < 1.26
   ElecomWrc-g01-w Version-
ElecomWmc-x1800gst-b Firmware Version < 1.42
   ElecomWmc-x1800gst-b Version-
ElecomWsc-x1800gs-b Firmware Version < 1.42
   ElecomWsc-x1800gs-b Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.434
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vultures@jpcert.or.jp 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://jvn.jp/en/jp/JVN44166658/
Third Party Advisory