CVE-2024-40883
Last modified
CVE-2024-40883 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Elecom | Wrc-2533gs2-B Firmware | < 1.69 |
| Elecom | Wrc-2533gs2-W Firmware | < 1.69 |
| Elecom | Wrc-2533gs2v-B Firmware | < 1.69 |
| Elecom | Wrc-X6000xs-G Firmware | < 1.12 |
| Elecom | Wrc-X1500gs-B Firmware | < 1.12 |
| Elecom | Wrc-X1500gsa-B Firmware | < 1.12 |
References
- https://jvn.jp/en/jp/JVN06672778/Third Party Advisory
- https://www.elecom.co.jp/news/security/20240730-01/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-40883?
How severe is CVE-2024-40883?
How do I fix CVE-2024-40883?
Are you affected by CVE-2024-40883?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST