CVE-2024-23910
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
28/02/2024
Last modified:
22/04/2025
Description
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:* | 1.73 (excluding) | |
| cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:* | 1.73 (excluding) | |
| cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:* | 1.34 (excluding) | |
| cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:* | 1.68 (excluding) | |
| cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:* | 1.68 (excluding) | |
| cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:* | 1.68 (excluding) | |
| cpe:2.3:h:elecom:wrc-2533gs2v-b:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:* | 1.31 (excluding) | |
| cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:elecom:wrc-x3200gst3-b_firmware:*:*:*:*:*:*:*:* | 1.27 (excluding) |
To consult the complete list of CPE names with products and versions, see this page