CVE-2024-23910: CSRF
First published: Wed Feb 28 2024(Updated: )
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit "WMC-2LX-B".
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ELECOM wireless LAN router | ||
| ELECOM Wireless LAN Repeater | ||
| Elecom Wmc-x1800gst-b Firmware | ||
| Elecom WSC-X1800GS-B | ||
| ELECOM e-Mesh Starter Kit WMC-2LX-B | ||
| All of | ||
| Elecom Wrc-1167gs2-b | <1.73 | |
| Elecom Wrc-1167gs2-b Firmware | ||
| All of | ||
| Elecom WRC-1167GS2H-B | <1.73 | |
| Elecom Wrc-1167gs2h-b Firmware | ||
| All of | ||
| Elecom Wrc-1167gst2 Firmware | <1.34 | |
| Elecom Wrc-1167gst2 Firmware | ||
| All of | ||
| Elecom Wrc-2533gs2-b Firmware | <1.68 | |
| Elecom Wrc-2533gs2-b Firmware | ||
| All of | ||
| Elecom WRC-2533GS2-W | <1.68 | |
| Elecom WRC-2533GS2-W | ||
| All of | ||
| Elecom Wrc-2533gs2v-b Firmware | <1.68 | |
| Elecom Wrc-2533gs2v-b Firmware | ||
| All of | ||
| Elecom Wrc-2533gst2-g Firmware | <1.31 | |
| Elecom Wrc-2533gst2-g | ||
| All of | ||
| Elecom WRC-X3200GST3-B Firmware | <1.27 | |
| Elecom Wrc-x3200gst3-b Firmware | ||
| All of | ||
| Elecom Wrc-g01-w Firmware | <1.26 | |
| Elecom Wrc-g01-w Firmware | ||
| All of | ||
| Elecom WMC-X1800GST-B Firmware | <1.42 | |
| Elecom Wmc-x1800gst-b Firmware | ||
| All of | ||
| Elecom Wsc-x1800gs-b | <1.42 | |
| Elecom WSC-X1800GS-B |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-23910?
CVE-2024-23910 has been classified as a moderate severity cross-site request forgery (CSRF) vulnerability.
How can I fix CVE-2024-23910?
To mitigate CVE-2024-23910, update the affected ELECOM devices to the latest firmware version available.
Which devices are affected by CVE-2024-23910?
CVE-2024-23910 affects several ELECOM wireless LAN routers and wireless LAN repeaters, including models like WRC-1167GS2-B and WMC-X1800GST-B.
What kind of attack can exploit CVE-2024-23910?
CVE-2024-23910 can be exploited by remote unauthenticated attackers to perform unauthorized operations by hijacking the administrator's authentication.
Is authentication required to exploit CVE-2024-23910?
No, exploitation of CVE-2024-23910 does not require authentication, making it particularly concerning for affected devices.
- agent/references
- agent/author
- agent/type
- agent/first-publish-date
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/source
- agent/last-modified-date
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/elecom
- canonical/elecom wireless lan router
- canonical/elecom wireless lan repeater
- canonical/elecom wmc-x1800gst-b firmware
- canonical/elecom wsc-x1800gs-b
- canonical/elecom e-mesh starter kit wmc-2lx-b
- canonical/elecom wrc-1167gs2-b
- canonical/elecom wrc-1167gs2-b firmware
- canonical/elecom wrc-1167gs2h-b
- canonical/elecom wrc-1167gs2h-b firmware
- canonical/elecom wrc-1167gst2 firmware
- canonical/elecom wrc-2533gs2-b firmware
- canonical/elecom wrc-2533gs2-w
- canonical/elecom wrc-2533gs2v-b firmware
- canonical/elecom wrc-2533gst2-g firmware
- canonical/elecom wrc-2533gst2-g
- canonical/elecom wrc-x3200gst3-b firmware
- canonical/elecom wrc-g01-w firmware