CVE-2024-40883

EUVD-2024-38703
A cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. If a user views a malicious page while logged in to the affected product with administrative privileges, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.
CSRF
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 8.8 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| jpcert | CNA | 6.5 MEDIUM | | | | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| CISA-ADP | ADP | 6.5 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
EPSS Score
Percentile: 45%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| elecom | wrc-2533gs2-b_firmware | 𝑥 < 1.69 |
| elecom | wrc-2533gs2-w_firmware | 𝑥 < 1.69 |
| elecom | wrc-2533gs2v-b_firmware | 𝑥 < 1.69 |
| elecom | wrc-x6000xs-g_firmware | 𝑥 < 1.12 |
| elecom | wrc-x1500gs-b_firmware | 𝑥 < 1.12 |
| elecom | wrc-x1500gsa-b_firmware | 𝑥 < 1.12 |

𝑥 = Vulnerable software versions