← volver
CVE-2024-40883

CVE-2024-40883

CVSS 6.5 MEDIUMEPSS 0.2%CWE-352
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Productos afectados
ELECOM CO.,LTD. · WRC-X1500GSA-BELECOM CO.,LTD. · WRC-X1500GS-BELECOM CO.,LTD. · WRC-X1800GSA-BELECOM CO.,LTD. · WRC-X1800GS-BELECOM CO.,LTD. · WRC-X1800GSH-BELECOM CO.,LTD. · WRC-X3000GS2A-BELECOM CO.,LTD. · WRC-X3000GS2-BELECOM CO.,LTD. · WRC-X3000GS2-WELECOM CO.,LTD. · WRC-X3000GST2-BELECOM CO.,LTD. · WRC-X6000QSA-GELECOM CO.,LTD. · WRC-X6000QS-GELECOM CO.,LTD. · WRC-X6000XS-GELECOM CO.,LTD. · WRC-X6000XST-GELECOM CO.,LTD. · WRC-XE5400GSA-GELECOM CO.,LTD. · WRC-XE5400GS-G

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://jvn.jp/en/jp/JVN06672778/https://www.elecom.co.jp/news/security/20240730-01/