Cross-Site Scripting Flaw in ELECOM Wireless LAN Routers
CVE-2024-21798

4.8MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-1167gs2-b; Wrc-1167gs2h-b; Wrc-1167gst2; Wrc-2533gs2-b
Vendor: CVE Published:; 28 February 2024

Summary

ELECOM wireless LAN routers have a vulnerability that allows a malicious administrative user to configure the device with specially crafted content. This can lead to arbitrary script execution in the web browser of another administrative user who logs into the affected product. The issue can compromise the integrity of the network, highlighting the need for robust security measures and timely updates to prevent exploitation.

Affected Version(s)

WMC-X1800GST-B v1.41 and earlier

WRC-1167GS2-B v1.67 and earlier

WRC-1167GS2H-B v1.67 and earlier

References

https://www.elecom.co.jp/news/security/20240220-01/

https://jvn.jp/en/jp/JVN44166658/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 28, 2024