CVE-2024-23910

Description

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".

References

Link	Tags
https://www.elecom.co.jp/news/security/20240220-01/	vendor advisory
https://jvn.jp/en/jp/JVN44166658/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-23910?: CVE-2024-23910 has been scored as a high severity vulnerability.
How to fix CVE-2024-23910?: To fix CVE-2024-23910, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-23910 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-23910 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-23910?: CVE-2024-23910 affects ELECOM CO.,LTD. WRC-1167GS2-B, ELECOM CO.,LTD. WRC-1167GS2H-B, ELECOM CO.,LTD. WRC-1167GST2, ELECOM CO.,LTD. WRC-2533GS2-B, ELECOM CO.,LTD. WRC-2533GS2-W, ELECOM CO.,LTD. WRC-2533GS2V-B, ELECOM CO.,LTD. WRC-2533GST2, ELECOM CO.,LTD. WRC-X3200GST3-B, ELECOM CO.,LTD. WRC-G01-W, ELECOM CO.,LTD. WMC-X1800GST-B, ELECOM CO.,LTD. WSC-X1800GS-B.

Description

Category

CWE-352 – Cross-Site Request Forgery (CSRF)

References

Frequently Asked Questions