CVE-2024-23910

Published: Feb 28, 2024Modified: Apr 22, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".

Affected (11)

Products: Elecom: Wrc 1167gs2 B Firmware, Wrc 1167gs2h B Firmware, Wrc 1167gst2 Firmware, Wrc 2533gs2 B Firmware, Wrc 2533gs2 W Firmware, Wrc 2533gs2v B Firmware, Wrc 2533gst2 Firmware, Wrc X3200gst3 B Firmware, Wrc G01 W Firmware, Wmc X1800gst B Firmware, Wsc X1800gs B Firmware

Elecom

11 products

Wrc 1167gs2 B Firmware

Wrc 1167gs2h B Firmware

Wrc 1167gst2 Firmware

Wrc 2533gs2 B Firmware

Wrc 2533gs2 W Firmware

Wrc 2533gs2v B Firmware

Wrc 2533gst2 Firmware

Wrc X3200gst3 B Firmware

Wrc G01 W Firmware

Wmc X1800gst B Firmware

Wsc X1800gs B Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 1167gs2 B Firmware	Before 1.73

Running on/with	Platform Versions
Elecom Wrc 1167gs2 B	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 1167gs2h B Firmware	Before 1.73

Running on/with	Platform Versions
Elecom Wrc 1167gs2h B	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 1167gst2 Firmware	Before 1.34

Running on/with	Platform Versions
Elecom Wrc 1167gst2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 2533gs2 B Firmware	Before 1.68

Running on/with	Platform Versions
Elecom Wrc 2533gs2 B	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 2533gs2 W Firmware	Before 1.68

Running on/with	Platform Versions
Elecom Wrc 2533gs2 W	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 2533gs2v B Firmware	Before 1.68

Running on/with	Platform Versions
Elecom Wrc 2533gs2v B	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc 2533gst2 Firmware	Before 1.31

Running on/with	Platform Versions
Elecom Wrc 2533gst2	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc X3200gst3 B Firmware	Before 1.27

Running on/with	Platform Versions
Elecom Wrc X3200gst3 B	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrc G01 W Firmware	Before 1.26

Running on/with	Platform Versions
Elecom Wrc G01 W	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wmc X1800gst B Firmware	Before 1.42

Running on/with	Platform Versions
Elecom Wmc X1800gst B	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wsc X1800gs B Firmware	Before 1.42

Running on/with	Platform Versions
Elecom Wsc X1800gs B	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://jvn.jp/en/jp/JVN44166658/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.elecom.co.jp/news/security/20240220-01/

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN44166658/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.elecom.co.jp/news/security/20240220-01/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.