CVE-2024-23910
published 2024-02-28

Priority: P346, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.25% (15.7th percentile)
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".

Affected

22 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elecom | wmc-x1800gst-b_firmware | < 1.42 | 1.42 |
| elecom | wrc-1167gs2-b_firmware | < 1.73 | 1.73 |
| elecom | wrc-1167gs2h-b_firmware | < 1.73 | 1.73 |
| elecom | wrc-1167gst2_firmware | < 1.34 | 1.34 |
| elecom | wrc-2533gs2-b_firmware | < 1.68 | 1.68 |
| elecom | wrc-2533gs2-w_firmware | < 1.68 | 1.68 |
| elecom | wrc-2533gs2v-b_firmware | < 1.68 | 1.68 |
| elecom | wrc-2533gst2_firmware | < 1.31 | 1.31 |
| elecom | wrc-g01-w_firmware | < 1.26 | 1.26 |
| elecom | wrc-x3200gst3-b_firmware | < 1.27 | 1.27 |
| elecom | wsc-x1800gs-b_firmware | < 1.42 | 1.42 |
| elecom_co_ltd | wmc-x1800gst-b | | |
| elecom_co_ltd | wrc-1167gs2-b | | |
| elecom_co_ltd | wrc-1167gs2h-b | | |
| elecom_co_ltd | wrc-1167gst2 | | |
| elecom_co_ltd | wrc-2533gs2-b | | |
| elecom_co_ltd | wrc-2533gs2-w | | |
| elecom_co_ltd | wrc-2533gs2v-b | | |
| elecom_co_ltd | wrc-2533gst2 | | |
| elecom_co_ltd | wrc-g01-w | | |
| elecom_co_ltd | wrc-x3200gst3-b | | |
| elecom_co_ltd | wsc-x1800gs-b | | |

CVSS provenance

nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N