ГлавнаяУязвимости → CVE-2024-23910
8.8высокая

CVE-2024-23910

Описание

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".

Затрагиваемое ПО
Elecom Wrc-1167gs2-b firmwareElecom Wrc-1167gs2-bElecom Wrc-1167gs2h-b firmwareElecom Wrc-1167gs2h-bElecom Wrc-1167gst2 firmwareElecom Wrc-1167gst2Elecom Wrc-2533gs2-b firmwareElecom Wrc-2533gs2-bElecom Wrc-2533gs2-w firmwareElecom Wrc-2533gs2-wElecom Wrc-2533gs2v-b firmwareElecom Wrc-2533gs2v-bElecom Wrc-2533gst2 firmwareElecom Wrc-2533gst2Elecom Wrc-x3200gst3-b firmwareElecom Wrc-x3200gst3-bElecom Wrc-g01-w firmwareElecom Wrc-g01-wElecom Wmc-x1800gst-b firmwareElecom Wmc-x1800gst-bElecom Wsc-x1800gs-b firmwareElecom Wsc-x1800gs-b
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://jvn.jp/en/jp/JVN44166658/https://www.elecom.co.jp/news/security/20240220-01/https://jvn.jp/en/jp/JVN44166658/https://www.elecom.co.jp/news/security/20240220-01/