Description

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".

Classification

CVE ID: CVE-2024-23910

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

Affected Products

Vendor: ELECOM CO.,LTD.

Product: WRC-1167GS2-B

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.elecom.co.jp/news/security/20240220-01/
https://jvn.jp/en/jp/JVN44166658/

Timeline