Unintended Operations Threaten ELECOM Routers via Cross-Site Request Forgery
CVE-2024-40883

8.8HIGH

Key Information:

Vendor

Elecom Co.,ltd.

Status
Wrc-x1500gs-b
Wrc-x1500gsa-b
Wrc-x1800gs-b
Wrc-x1800gsa-b
Vendor
CVE Published:
1 August 2024

What is CVE-2024-40883?

A cross-site request forgery vulnerability has been identified in ELECOM wireless LAN routers that can potentially allow attackers to exploit user sessions. When an administrator logs into the router while visiting a malicious webpage, they could inadvertently perform actions such as changing their login credentials without their consent. This vulnerability poses significant risks, especially in environments where secure network management is critical. Users of the affected routers should take immediate action to secure their devices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WRC-X1500GS-B v1.11 and earlier

WRC-X1500GSA-B v1.11 and earlier

WRC-X1800GS-B v1.18 and earlier

References

https://www.elecom.co.jp/news/security/20240730-01/
https://jvn.jp/en/jp/JVN06672778/

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.