← Back

CVE-2024-21798

nvd nist
Published: Feb 28, 2024Modified: Feb 14, 2025

JSON object

Loading...
4.8
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 / Impact: 2.7
Source: NVD

Description

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".

Affected (10)

Elecom
10 products
Wrc 1167gs2 B Firmware
Wrc 1167gs2h B Firmware
Wrc 1167gst2 Firmware
Wrc 2533gs2 B Firmware
Wrc 2533gs2 W Firmware
Wrc 2533gs2v B Firmware
Wrc 2533gst2 Firmware
Wrc X3200gst3 B Firmware
Wrc G01 W Firmware
Wmc X1800gst B Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 1167gs2 B Firmware
Before 1.73
Running on/withPlatform Versions
Elecom
Wrc 1167gs2 B
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 1167gs2h B Firmware
Before 1.73
Running on/withPlatform Versions
Elecom
Wrc 1167gs2h B
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 1167gst2 Firmware
Before 1.34
Running on/withPlatform Versions
Elecom
Wrc 1167gst2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 2533gs2 B Firmware
Before 1.68
Running on/withPlatform Versions
Elecom
Wrc 2533gs2 B
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 2533gs2 W Firmware
Before 1.68
Running on/withPlatform Versions
Elecom
Wrc 2533gs2 W
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 2533gs2v B Firmware
Before 1.68
Running on/withPlatform Versions
Elecom
Wrc 2533gs2v B
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc 2533gst2 Firmware
Before 1.31
Running on/withPlatform Versions
Elecom
Wrc 2533gst2
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc X3200gst3 B Firmware
Before 1.27
Running on/withPlatform Versions
Elecom
Wrc X3200gst3 B
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wrc G01 W Firmware
Before 1.26
Running on/withPlatform Versions
Elecom
Wrc G01 W
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wmc X1800gst B Firmware
Before 1.42
Running on/withPlatform Versions
Elecom
Wmc X1800gst B
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.