CVE-2024-21798: XSS
First published: Wed Feb 28 2024(Updated: )
ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit "WMC-2LX-B".
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elecom Wmc-x1800gst-b Firmware | ||
| ELECOM e-Mesh Starter Kit WMC-2LX-B | ||
| All of | ||
| Elecom Wrc-1167gs2-b | <1.73 | |
| Elecom Wrc-1167gs2-b Firmware | ||
| All of | ||
| Elecom WRC-1167GS2H-B | <1.73 | |
| Elecom Wrc-1167gs2h-b Firmware | ||
| All of | ||
| Elecom Wrc-1167gst2 Firmware | <1.34 | |
| Elecom Wrc-1167gst2 Firmware | ||
| All of | ||
| Elecom Wrc-2533gs2-b Firmware | <1.68 | |
| Elecom Wrc-2533gs2-b Firmware | ||
| All of | ||
| Elecom WRC-2533GS2-W | <1.68 | |
| Elecom WRC-2533GS2-W | ||
| All of | ||
| Elecom Wrc-2533gs2v-b Firmware | <1.68 | |
| Elecom Wrc-2533gs2v-b Firmware | ||
| All of | ||
| Elecom Wrc-2533gst2-g Firmware | <1.31 | |
| Elecom Wrc-2533gst2-g | ||
| All of | ||
| Elecom WRC-X3200GST3-B Firmware | <1.27 | |
| Elecom Wrc-x3200gst3-b Firmware | ||
| All of | ||
| Elecom Wrc-g01-w Firmware | <1.26 | |
| Elecom Wrc-g01-w Firmware | ||
| All of | ||
| Elecom WMC-X1800GST-B Firmware | <1.42 | |
| Elecom Wmc-x1800gst-b Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-21798?
CVE-2024-21798 is classified as a cross-site scripting vulnerability in ELECOM wireless LAN routers.
How do I fix CVE-2024-21798?
To mitigate CVE-2024-21798, administrators should upgrade to the latest firmware version that addresses this vulnerability.
Which devices are affected by CVE-2024-21798?
CVE-2024-21798 affects several models of ELECOM wireless LAN routers, including WRC-1167GS2-B and WRC-2533GS2-B, among others.
What can an attacker do with CVE-2024-21798?
An attacker exploiting CVE-2024-21798 can execute arbitrary scripts on the web browser of a logged-in administrative user.
Is CVE-2024-21798 related to network security?
Yes, CVE-2024-21798 poses a risk to network security as it targets administrative interfaces of wireless LAN routers.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/severity
- agent/last-modified-date
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/elecom
- canonical/elecom wmc-x1800gst-b firmware
- canonical/elecom e-mesh starter kit wmc-2lx-b
- canonical/elecom wrc-1167gs2-b
- canonical/elecom wrc-1167gs2-b firmware
- canonical/elecom wrc-1167gs2h-b
- canonical/elecom wrc-1167gs2h-b firmware
- canonical/elecom wrc-1167gst2 firmware
- canonical/elecom wrc-2533gs2-b firmware
- canonical/elecom wrc-2533gs2-w
- canonical/elecom wrc-2533gs2v-b firmware
- canonical/elecom wrc-2533gst2-g firmware
- canonical/elecom wrc-2533gst2-g
- canonical/elecom wrc-x3200gst3-b firmware
- canonical/elecom wrc-g01-w firmware