8.8
CVE-2024-40883
- EPSS 0.23%
- Veröffentlicht 01.08.2024 02:15:02
- Zuletzt bearbeitet 26.11.2024 09:15:06
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elecom ≫ Wrc-2533gs2-b Firmware Version < 1.69
Elecom ≫ Wrc-2533gs2-w Firmware Version < 1.69
Elecom ≫ Wrc-2533gs2v-b Firmware Version < 1.69
Elecom ≫ Wrc-x6000xs-g Firmware Version < 1.12
Elecom ≫ Wrc-x1500gs-b Firmware Version < 1.12
Elecom ≫ Wrc-x1500gsa-b Firmware Version < 1.12
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.455 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
| vultures@jpcert.or.jp | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.