CVE-2024-23910
Published: 2024-02-28
Priority: P3 46 (high) | CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.25% (15.7th percentile)
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elecom | wmc-x1800gst-b_firmware | < 1.42 | 1.42 |
| elecom | wrc-1167gs2-b_firmware | < 1.73 | 1.73 |
| elecom | wrc-1167gs2h-b_firmware | < 1.73 | 1.73 |
| elecom | wrc-1167gst2_firmware | < 1.34 | 1.34 |
| elecom | wrc-2533gs2-b_firmware | < 1.68 | 1.68 |
| elecom | wrc-2533gs2-w_firmware | < 1.68 | 1.68 |
| elecom | wrc-2533gs2v-b_firmware | < 1.68 | 1.68 |
| elecom | wrc-2533gst2_firmware | < 1.31 | 1.31 |
| elecom | wrc-g01-w_firmware | < 1.26 | 1.26 |
| elecom | wrc-x3200gst3-b_firmware | < 1.27 | 1.27 |
| elecom | wsc-x1800gs-b_firmware | < 1.42 | 1.42 |
| elecom_co_ltd | wmc-x1800gst-b | — | — |
| elecom_co_ltd | wrc-1167gs2-b | — | — |
| elecom_co_ltd | wrc-1167gs2h-b | — | — |
| elecom_co_ltd | wrc-1167gst2 | — | — |
| elecom_co_ltd | wrc-2533gs2-b | — | — |
| elecom_co_ltd | wrc-2533gs2-w | — | — |
| elecom_co_ltd | wrc-2533gs2v-b | — | — |
| elecom_co_ltd | wrc-2533gst2 | — | — |
| elecom_co_ltd | wrc-g01-w | — | — |
| elecom_co_ltd | wrc-x3200gst3-b | — | — |
| elecom_co_ltd | wsc-x1800gs-b | — | — |
CVSS provenance
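| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |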
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.