Unintended Operations Threaten ELECOM Routers via Cross-Site Request Forgery
CVE-2024-40883

8.8 HIGH

Key Information:

CVE Published: 1 August 2024

Summary

A cross-site request forgery (CSRF) vulnerability has been identified in ELECOM wireless LAN routers that can potentially allow attackers to exploit user sessions. If an administrator is logged in to the router and visits a malicious webpage, unintended operations such as changing the login credentials may be performed without the administrator's consent. This vulnerability poses significant risks, especially in environments where secure network management is critical. Users of the affected routers should take immediate action to secure their devices.

Affected Version(s)

WRC-X1500GS-B v1.11 and earlier

WRC-X1500GSA-B v1.11 and earlier

WRC-X1800GS-B v1.18 and earlier

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

CVSS V3.0

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved