Cross-Site Scripting Vulnerability in ELECOM LAN Router Firmware
CVE-2022-21799

5.2MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Elecom Lan Router
Vendor: CVE Published:; 8 February 2022

Summary

The ELECOM LAN router WRC-300FEBK-R is susceptible to a cross-site scripting vulnerability that allows attackers on the same network to inject arbitrary scripts through unspecified vectors. This can lead to potential exploitation, where unauthorized actions may be performed within the context of the browser, affecting the security and privacy of users connected to the router.

Affected Version(s)

ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier

References

https://www.elecom.co.jp/news/security/20220208-02/

x_refsource_MISC

https://jvn.jp/en/jp/JVN17482543/index.html

x_refsource_MISC

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 8, 2022
Vulnerability Reserved
Feb 1, 2022