Type a vendor name or a vulnerability id.



All the vulnerabilites related to ELECOM CO.,LTD. - WRC-X3000GS2-B firmware
jvndb-2024-000088
Vulnerability from jvndb
Published
2024-08-27 14:40
Modified
2024-08-27 14:40
Severity ?
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers and access points
Details
Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi (CWE-79) - CVE-2024-34577, CVE-2024-42412 * Missing authentication in Telnet function (CWE-306) - CVE-2024-39300 * Stack-based buffer overflow due to an improper processing of input values in common.cgi (CWE-121) - CVE-2024-43689 CVE-2024-34577 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-39300 SASABE Tetsuro reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-42412, CVE-2024-43689 RyotaK of Flatt Security Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000088.html",
  "dc:date": "2024-08-27T14:40+09:00",
  "dcterms:issued": "2024-08-27T14:40+09:00",
  "dcterms:modified": "2024-08-27T14:40+09:00",
  "description": "Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n* Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi (CWE-79) - CVE-2024-34577, CVE-2024-42412\r\n\r\n* Missing authentication in Telnet function (CWE-306) - CVE-2024-39300\r\n\r\n* Stack-based buffer overflow due to an improper processing of input values in common.cgi (CWE-121) - CVE-2024-43689\r\n\r\nCVE-2024-34577\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39300\r\nSASABE Tetsuro reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-42412, CVE-2024-43689\r\nRyotaK of Flatt Security Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000088.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:elecom:wab-i1750-ps",
      "@product": "WAB-I1750-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:elecom:wab-s1167-ps",
      "@product": "WAB-S1167-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
      "@product": "WRC-X3000GS2-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
      "@product": "WRC-X3000GS2-W firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
      "@product": "WRC-X3000GS2A-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000088",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN24885537/index.html",
      "@id": "JVN#24885537",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34577",
      "@id": "CVE-2024-34577",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39300",
      "@id": "CVE-2024-39300",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-42412",
      "@id": "CVE-2024-42412",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-43689",
      "@id": "CVE-2024-43689",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM wireless LAN routers and access points"
}

jvndb-2023-006588
Vulnerability from jvndb
Published
2023-11-15 18:27
Modified
2024-04-26 15:22
Severity ?
Summary
Multiple vulnerabilities in ELECOM and LOGITEC routers
Details
Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2023-43752 * Inadequate Encryption Strength (CWE-326) - CVE-2023-43757 CVE-2023-43752 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2023-43757 Katsuhiko Sato(a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006588.html",
  "dc:date": "2024-04-26T15:22+09:00",
  "dcterms:issued": "2023-11-15T18:27+09:00",
  "dcterms:modified": "2024-04-26T15:22+09:00",
  "description": "Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n  * OS Command Injection (CWE-78) - CVE-2023-43752\r\n  * Inadequate Encryption Strength (CWE-326) - CVE-2023-43757\r\n\r\nCVE-2023-43752\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-43757\r\nKatsuhiko Sato(a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006588.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:elecom:wrc-1167ghbk2_firmware",
      "@product": "WRC-1167GHBK2 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1167ghbk_firmware",
      "@product": "WRC-1167GHBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk-e_firmware",
      "@product": "WRC-1750GHBK-E firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk2-i_firmware",
      "@product": "WRC-1750GHBK2-I firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk_firmware",
      "@product": "WRC-1750GHBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-2533ghbk-i_firmware",
      "@product": "WRC-2533GHBK-I firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-2533ghbk2-t_firmware",
      "@product": "WRC-2533GHBK2-T firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-300febk_firmware",
      "@product": "WRC-300FEBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-300ghbk2-i_firmware",
      "@product": "WRC-300GHBK2-I firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-300ghbk_firmware",
      "@product": "WRC-300GHBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-733febk_firmware",
      "@product": "WRC-733FEBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-733ghbk-c_firmware",
      "@product": "WRC-733GHBK-C firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-733ghbk-i_firmware",
      "@product": "WRC-733GHBK-I firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-733ghbk_firmware",
      "@product": "WRC-733GHBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f1167acf_firmware",
      "@product": "WRC-F1167ACF firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f300nf_firmware",
      "@product": "WRC-F300NF firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
      "@product": "WRC-X3000GS2-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
      "@product": "WRC-X3000GS2-W firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
      "@product": "WRC-X3000GS2A-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-150bk_firmware",
      "@product": "WRH-150BK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-150wh_firmware",
      "@product": "WRH-150WH firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300bk-s_firmware",
      "@product": "WRH-300BK-S firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300bk2-s_firmware",
      "@product": "WRH-300BK2-S firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300bk_firmware",
      "@product": "WRH-300BK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300rd_firmware",
      "@product": "WRH-300RD firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300sv_firmware",
      "@product": "WRH-300SV firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
      "@product": "WRH-300WH-H firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300wh-s_firmware",
      "@product": "WRH-300WH-S firmwware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300wh2-s_firmware",
      "@product": "WRH-300WH2-S firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-300wh_firmware",
      "@product": "WRH-300WH firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-h300bk_firmware",
      "@product": "WRH-H300BK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrh-h300wh_firmware",
      "@product": "WRH-H300WH firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fp_firmware",
      "@product": "LAN-W300N/P firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware",
      "@product": "LAN-W300N/RS firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w301nr_firmware",
      "@product": "LAN-W301NR firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fdgp_firmware",
      "@product": "LAN-WH300N/DGP firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300ndgpe_firmware",
      "@product": "LAN-WH300NDGPE firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-006588",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU94119876/index.html",
      "@id": "JVNVU#94119876",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-43752",
      "@id": "CVE-2023-43752",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-43757",
      "@id": "CVE-2023-43757",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43752",
      "@id": "CVE-2023-43752",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43757",
      "@id": "CVE-2023-43757",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/326.html",
      "@id": "CWE-326",
      "@title": "Inadequate Encryption Strength(CWE-326)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM and LOGITEC routers"
}

jvndb-2024-001061
Vulnerability from jvndb
Published
2024-01-24 17:16
Modified
2024-08-28 17:12
Severity ?
Summary
ELECOM wireless LAN routers vulnerable to OS command injection
Details
Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
  "dc:date": "2024-08-28T17:12+09:00",
  "dcterms:issued": "2024-01-24T17:16+09:00",
  "dcterms:modified": "2024-08-28T17:12+09:00",
  "description": "Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-001061.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:elecom:wrc-x1500GS-B",
      "@product": "WRC-X1500GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
      "@product": "WRC-X1500GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
      "@product": "WRC-X1800GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
      "@product": "WRC-X1800GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
      "@product": "WRC-X1800GSH-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
      "@product": "WRC-X3000GS2-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
      "@product": "WRC-X3000GS2-W firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
      "@product": "WRC-X3000GS2A-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
      "@product": "WRC-X6000XS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
      "@product": "WRC-X6000XST-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2024-001061",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU90908488/index.html",
      "@id": "JVNVU#90908488",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-22372",
      "@id": "CVE-2024-22372",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22372",
      "@id": "CVE-2024-22372",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "ELECOM wireless LAN routers vulnerable to OS command injection"
}

jvndb-2024-000078
Vulnerability from jvndb
Published
2024-07-30 15:34
Modified
2024-09-24 17:04
Severity ?
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type (CWE-434) CVE-2024-34021 OS Command Injection (CWE-78) CVE-2024-39607 Cross-Site Request Forgery (CWE-352) CVE-2024-40883 CVE-2024-34021 Toyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-39607, CVE-2024-40883 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
  "dc:date": "2024-09-24T17:04+09:00",
  "dcterms:issued": "2024-07-30T15:34+09:00",
  "dcterms:modified": "2024-09-24T17:04+09:00",
  "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nUnrestricted Upload of File with Dangerous Type (CWE-434)\r\nCVE-2024-34021\r\nOS Command Injection (CWE-78)\r\nCVE-2024-39607\r\nCross-Site Request Forgery (CWE-352)\r\nCVE-2024-40883\r\n\r\nCVE-2024-34021\r\nToyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39607, CVE-2024-40883\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware",
      "@product": "WRC-2533GS2-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware",
      "@product": "WRC-2533GS2-W",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware",
      "@product": "WRC-2533GS2V-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1500GS-B",
      "@product": "WRC-X1500GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1500GSA-B",
      "@product": "WRC-X1500GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
      "@product": "WRC-X3000GS2-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
      "@product": "WRC-X3000GS2-W firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
      "@product": "WRC-X3000GS2A-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware",
      "@product": "WRC-X6000XS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000xst-g_firmware",
      "@product": "WRC-X6000XST-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000078",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN06672778/",
      "@id": "JVN#06672778",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34021",
      "@id": "CVE-2024-34021",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39607",
      "@id": "CVE-2024-39607",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-40883",
      "@id": "CVE-2024-40883",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM wireless LAN routers"
}