Attackers Can Access Sensitive Information Through Specially Crafted Requests
CVE-2024-29225

4.3MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-x3200gst3-b; Wrc-g01-w
Vendor: CVE Published:; 4 April 2024

Summary

WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allow a network-adjacent unauthenticated attacker to obtain the configuration file containing sensitive information by sending a specially crafted request.

Affected Version(s)

WRC-G01-W v1.24 and earlier

WRC-X3200GST3-B v1.25 and earlier

References

https://www.elecom.co.jp/news/security/20240326-01/

https://jvn.jp/en/vu/JVNVU95381465/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 4, 2024