CVE-2024-34021

Published: Aug 1, 2024Modified: Nov 26, 2024

6.8

Vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: vultures@jpcert.or.jp (Secondary)

Description

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://jvn.jp/en/jp/JVN06672778/

Source: vultures@jpcert.or.jp

https://www.elecom.co.jp/news/security/20240730-01/

Source: vultures@jpcert.or.jp

Timeline

No history available yet.