CVE-2024-40883

A cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. If a user views a malicious page while logged in to the affected product with administrative privileges, the user may be made to perform unintended operations such as changing the login ID, login password, etc.
CSRF
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.8 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| jpcert | CNA | 6.5 MEDIUM | | | | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| CISA-ADP | ADP | 6.5 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
EPSS Score Percentile: 17%
| Vendor | Product | Version |
|---|---|---|
| elecom | wrc-2533gs2-b_firmware | 𝑥 < 1.69 |
| elecom | wrc-2533gs2-w_firmware | 𝑥 < 1.69 |
| elecom | wrc-2533gs2v-b_firmware | 𝑥 < 1.69 |
| elecom | wrc-x6000xs-g_firmware | 𝑥 < 1.12 |
| elecom | wrc-x1500gs-b_firmware | 𝑥 < 1.12 |
| elecom | wrc-x1500gsa-b_firmware | 𝑥 < 1.12 |

𝑥 = Vulnerable software versions