jvndb-2024-000078
Vulnerability from jvndb
Published
2024-07-30 15:34
Modified
2024-07-30 15:34
Severity
Summary
Multiple vulnerabilities in ELECOM wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2024-34021
OS Command Injection (CWE-78)
CVE-2024-39607
Cross-Site Request Forgery (CWE-352)
CVE-2024-40883
CVE-2024-34021
Toyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2024-39607, CVE-2024-40883
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/jp/JVN06672778/ |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-34021 |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-39607 |
CVE | https://www.cve.org/CVERecord?id=CVE-2024-40883 |
Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html", "dc:date": "2024-07-30T15:34+09:00", "dcterms:issued": "2024-07-30T15:34+09:00", "dcterms:modified": "2024-07-30T15:34+09:00", "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nUnrestricted Upload of File with Dangerous Type (CWE-434)\r\nCVE-2024-34021\r\nOS Command Injection (CWE-78)\r\nCVE-2024-39607\r\nCross-Site Request Forgery (CWE-352)\r\nCVE-2024-40883\r\n\r\nCVE-2024-34021\r\nToyama Taku, and Daichi Arai of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39607, CVE-2024-40883\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000078.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:wrc-2533gs2-b_firmware", "@product": "WRC-2533GS2-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-2533gs2-w_firmware", "@product": "WRC-2533GS2-W", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-2533gs2v-b_firmware", "@product": "WRC-2533GS2V-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1500GS-B", "@product": "WRC-X1500GS-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1500GSA-B", "@product": "WRC-X1500GSA-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x6000xs-g_firmware", "@product": "WRC-X6000XS-G", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-000078", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN06672778/", "@id": "JVN#06672778", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34021", "@id": "CVE-2024-34021", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39607", "@id": "CVE-2024-39607", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-40883", "@id": "CVE-2024-40883", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in ELECOM wireless LAN routers" }
Loading...