Cross-Site Request Forgery Vulnerability in ELECOM Wireless LAN Routers and Repeaters
CVE-2024-23910

8.8HIGH

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-1167gs2-b; Wrc-1167gs2h-b; Wrc-1167gst2; Wrc-2533gs2-b
Vendor: CVE Published:; 28 February 2024

Summary

A cross-site request forgery vulnerability exists in ELECOM wireless LAN routers and wireless LAN repeaters, allowing a remote unauthorized attacker to hijack administrative sessions. This vulnerability enables attackers to perform unauthorized actions without proper authentication, potentially compromising the devices’ security. It affects several models, including WMC-X1800GST-B and WSC-X1800GS-B, which are part of the e-Mesh Starter Kit 'WMC-2LX-B'.

Affected Version(s)

WMC-X1800GST-B v1.41 and earlier

WRC-1167GS2-B v1.67 and earlier

WRC-1167GS2H-B v1.67 and earlier

References

https://www.elecom.co.jp/news/security/20240220-01/

https://jvn.jp/en/jp/JVN44166658/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2024