← back
CVE-2024-40883

CVE-2024-40883

CVSS 6.5 MEDIUMEPSS 0.2%CWE-352
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
ELECOM CO.,LTD. · WRC-X1500GSA-BELECOM CO.,LTD. · WRC-X1500GS-BELECOM CO.,LTD. · WRC-X1800GSA-BELECOM CO.,LTD. · WRC-X1800GS-BELECOM CO.,LTD. · WRC-X1800GSH-BELECOM CO.,LTD. · WRC-X3000GS2A-BELECOM CO.,LTD. · WRC-X3000GS2-BELECOM CO.,LTD. · WRC-X3000GS2-WELECOM CO.,LTD. · WRC-X3000GST2-BELECOM CO.,LTD. · WRC-X6000QSA-GELECOM CO.,LTD. · WRC-X6000QS-GELECOM CO.,LTD. · WRC-X6000XS-GELECOM CO.,LTD. · WRC-X6000XST-GELECOM CO.,LTD. · WRC-XE5400GSA-GELECOM CO.,LTD. · WRC-XE5400GS-G

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN06672778/https://www.elecom.co.jp/news/security/20240730-01/