CVE-2024-21798
CVE-2024-21798 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. ELECOM wireless LAN routers contain a cross-site scripting vulnerability. EPSS estimates a 1.29% chance of exploitation in the next 30 days.
Description
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. If a malicious administrative user configures the affected product with specially crafted content, then when another administrative user logs in and operates the product, an arbitrary script may be executed in that user's web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| ELECOM | WRC-1167GS2-B Firmware | < 1.73 |
| ELECOM | WRC-1167GS2H-B Firmware | < 1.73 |
| ELECOM | WRC-1167GST2 Firmware | < 1.34 |
| ELECOM | WRC-2533GS2-B Firmware | < 1.68 |
| ELECOM | WRC-2533GS2-W Firmware | < 1.68 |
| ELECOM | WRC-2533GS2V-B Firmware | < 1.68 |
| ELECOM | WRC-2533GST2 Firmware | < 1.31 |
| ELECOM | WRC-X3200GST3-B Firmware | < 1.27 |
| ELECOM | WRC-G01-W Firmware | < 1.26 |
| ELECOM | WMC-X1800GST-B Firmware | < 1.42 |
References
- https://jvn.jp/en/jp/JVN44166658/ (Third Party Advisory)
- https://www.elecom.co.jp/news/security/20240220-01/ (Vendor Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
