Cross-Site Scripting Flaw in ELECOM Wireless LAN Routers
CVE-2024-21798

4.8MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-1167gs2-b; Wrc-1167gs2h-b; Wrc-1167gst2; Wrc-2533gs2-b
Vendor: CVE Published:; 28 February 2024

🔔 Create Elecom Co.,ltd. Vulnerability Alert

What is CVE-2024-21798?

ELECOM wireless LAN routers have a vulnerability that allows a malicious administrative user to configure the device with specially crafted content. This can lead to arbitrary script execution in the web browser of another administrative user who logs into the affected product. The issue can compromise the integrity of the network, highlighting the need for robust security measures and timely updates to prevent exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WMC-X1800GST-B v1.41 and earlier

WRC-1167GS2-B v1.67 and earlier

WRC-1167GS2H-B v1.67 and earlier

References

https://www.elecom.co.jp/news/security/20240220-01/

https://jvn.jp/en/jp/JVN44166658/

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 28, 2024

JSON

Elecom Co.,ltd.