CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40883
https://notcve.org/view.php?id=CVE-2024-40883
01 Aug 2024 — Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc. Existe una vulnerabilidad de Cross-site request forgery en los enrutadores LAN inalámbricos ELECOM. Al ver una página maliciosa mientras inicia sesión en el producto afectado con un privilegio administrativo, se puede diri... • https://jvn.jp/en/jp/JVN06672778 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-34021
https://notcve.org/view.php?id=CVE-2024-34021
01 Aug 2024 — Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution. Existe una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los enrutadores LAN inalámbricos ELECOM. Un usuario que haya iniciado sesión con privilegios administrativos puede cargar un archivo especialmente manipulado... • https://jvn.jp/en/jp/JVN06672778 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-25579
https://notcve.org/view.php?id=CVE-2024-25579
28 Feb 2024 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de inyección de comandos del sistema operativo en enrutadores LAN inalámbricos ELECOM permite que un atacante adyacente a la red con privilegios administrativos ejecute comandos arbitrarios del s... • https://jvn.jp/en/vu/JVNVU99444194 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23910
https://notcve.org/view.php?id=CVE-2024-23910
28 Feb 2024 — Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B". La vulnerabilidad de Cross-Site Request Forgery (CSRF) en los enrutadores LAN inalámbricos ELECOM permite a un atacante remoto no autenticado secuestrar la auten... • https://jvn.jp/en/jp/JVN44166658 • CWE-352: Cross-Site Request Forgery (CSRF) •