|
[Japanese]
|
JVNDB-2024-001061
|
ELECOM wireless LAN routers vulnerable to OS command injection
|
|
Multiple ELECOM wireless LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
|
CVSS V3 Severity:
Base Metrics 6.8 (Medium) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity:
Base Metrics 5.2 (Medium) [Other]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: Single Instance
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
ELECOM CO.,LTD.
- WRC-X1500GS-B v1.11 and earlier
- WRC-X1500GSA-B v1.11 and earlier
- WRC-X1800GS-B v1.17 and earlier
- WRC-X1800GSA-B v1.17 and earlier
- WRC-X1800GSH-B v1.17 and earlier
- WRC-X3000GS2-B firmware v1.08 and earlier
- WRC-X3000GS2-W firmware v1.08 and earlier
- WRC-X3000GS2A-B firmware v1.08 and earlier
- WRC-X6000XS-G v1.09
- WRC-X6000XST-G v1.12 and earlier
|
|
|
If a logged-in user with an administrative privilege sends a specially crafted request to the product, an arbitrary OS command may be executed.
|
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
|
|
ELECOM CO.,LTD.
|
|
- OS Command Injection(CWE-78) [Other]
|
|
- CVE-2024-22372
|
|
- JVN : JVNVU#90908488
- National Vulnerability Database (NVD) : CVE-2024-22372
|
|
- [2024/01/24]
Web page was published
- [2024/03/06]
References : Content was added
- [2024/07/31]
Affected Products : Products were added
- [2024/08/28]
Affected Products : Products were added
|
