Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for wmc-x1800gst-b_firmware by elecom

    CVE-2024-23910 (GCVE-0-2024-23910)

    Vulnerability from nvd – Published: 2024-02-28 23:07 – Updated: 2025-04-22 15:54
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.25 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.41 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WSC-X1800GS-B Affected: v1.41 and earlier
    Create a notification for this product.
    elecom wrc-1167gs2-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gs2h-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2v-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x3200gst3-b_firmware Affected: elecom , < v1.25 (custom)
        cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-g01-w_firmware Affected: 0 , < v1.24 (custom)
        cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wmc-x1800gst-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wsc-x1800gs-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2h-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x3200gst3-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.25",
                    "status": "affected",
                    "version": "elecom",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-g01-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wmc-x1800gst-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wsc-x1800gs-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T20:40:19.820700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T15:54:59.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:13:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            },
            {
              "product": "WSC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:41.689Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-23910",
        "datePublished": "2024-02-28T23:07:02.324Z",
        "dateReserved": "2024-02-15T01:25:06.163Z",
        "dateUpdated": "2025-04-22T15:54:59.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21798 (GCVE-0-2024-21798)

    Vulnerability from nvd – Published: 2024-02-28 23:03 – Updated: 2024-11-26 08:07
    VLAI
    Summary
    ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21798",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T19:43:48.346433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T18:08:56.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:04.819Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-21798",
        "datePublished": "2024-02-28T23:03:39.483Z",
        "dateReserved": "2024-02-15T01:25:08.021Z",
        "dateUpdated": "2024-11-26T08:07:04.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23910 (GCVE-0-2024-23910)

    Vulnerability from cvelistv5 – Published: 2024-02-28 23:07 – Updated: 2025-04-22 15:54
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GS2-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GS2H-B Affected: v1.67 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GST2 Affected: v1.32 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2-W Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GS2V-B Affected: v1.62 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-2533GST2 Affected: v1.30 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-X3200GST3-B Affected: v1.25 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-G01-W Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WMC-X1800GST-B Affected: v1.41 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WSC-X1800GS-B Affected: v1.41 and earlier
    Create a notification for this product.
    elecom wrc-1167gs2-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gs2h-b Affected: 0 , < v1.67 (custom)
        cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2-w Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-2533gs2v-b Affected: 0 , < v1.62 (custom)
        cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-x3200gst3-b_firmware Affected: elecom , < v1.25 (custom)
        cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-g01-w_firmware Affected: 0 , < v1.24 (custom)
        cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wmc-x1800gst-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wsc-x1800gs-b Affected: 0 , < v1.41 (custom)
        cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gs2h-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.67",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2-w",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-2533gs2v-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-2533gs2v-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.62",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-x3200gst3-b_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.25",
                    "status": "affected",
                    "version": "elecom",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:elecom:wrc-g01-w_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-g01-w_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wmc-x1800gst-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wmc-x1800gst-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:elecom:wsc-x1800gs-b:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wsc-x1800gs-b",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "v1.41",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23910",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-05T20:40:19.820700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T15:54:59.591Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:13:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            },
            {
              "product": "WSC-X1800GS-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:41.689Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-23910",
        "datePublished": "2024-02-28T23:07:02.324Z",
        "dateReserved": "2024-02-15T01:25:06.163Z",
        "dateUpdated": "2025-04-22T15:54:59.591Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21798 (GCVE-0-2024-21798)

    Vulnerability from cvelistv5 – Published: 2024-02-28 23:03 – Updated: 2024-11-26 08:07
    VLAI
    Summary
    ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21798",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-14T19:43:48.346433Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T18:08:56.473Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.306Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20240220-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN44166658/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GS2H-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.67 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.32 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GS2V-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.62 and earlier"
                }
              ]
            },
            {
              "product": "WRC-2533GST2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.30 and earlier"
                }
              ]
            },
            {
              "product": "WRC-X3200GST3-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.25 and earlier"
                }
              ]
            },
            {
              "product": "WRC-G01-W",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WMC-X1800GST-B",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.41 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-26T08:07:04.819Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20240220-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN44166658/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-21798",
        "datePublished": "2024-02-28T23:03:39.483Z",
        "dateReserved": "2024-02-15T01:25:08.021Z",
        "dateUpdated": "2024-11-26T08:07:04.819Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }