Published:2024/07/30  Last Updated:2024/11/26

JVN#06672778
Multiple vulnerabilities in ELECOM wireless LAN routers

Overview

Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.

Products Affected

CVE-2024-34021

  • WRC-1167GST2 v1.32 and earlier
  • WRC-2533GS2V-B v1.68 and earlier
  • WRC-2533GS2-B v1.68 and earlier
  • WRC-2533GS2-W v1.68 and earlier
  • WRC-2533GST2 v1.30 and earlier

CVE-2024-39607, CVE-2024-40883

  • WRC-X6000XS-G v1.11 and earlier
  • WRC-X1500GS-B v1.11 and earlier
  • WRC-X1500GSA-B v1.11 and earlier
  • WRC-X1800GS-B v1.18 and earlier
  • WRC-X1800GSA-B v1.18 and earlier
  • WRC-X1800GSH-B v1.18 and earlier
  • WRC-X3000GS2-B v1.08 and earlier
  • WRC-X3000GS2-W v1.08 and earlier
  • WRC-X3000GS2A-B v1.08 and earlier
  • WRC-X6000XST-G v1.14 and earlier

Description

Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Unrestricted Upload of File with Dangerous Type (CWE-434)
    • CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8
    • CVE-2024-34021
  • OS Command Injection (CWE-78)
    • CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 6.8
    • CVE-2024-39607
  • Cross-Site Request Forgery (CWE-352)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Base Score 6.5
    • CVE-2024-40883

Impact

  • A specially crafted file may be uploaded to the affected product by a logged-in user with administrative privilege, resulting in arbitrary OS command execution (CVE-2024-34021)
  • A specially crafted request may be sent to the affected product by a logged-in user with administrative privilege to execute an arbitrary OS command (CVE-2024-39607)
  • A user who views a malicious page while logged in to the affected product with administrative privilege may be led to perform unintended operations, such as changing the login ID or login password (CVE-2024-40883)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Vendor Status

Vendor           Status      Last Update  Vendor Notes
ELECOM CO.,LTD.  Vulnerable  2024/11/14   ELECOM CO.,LTD. website

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2024-34021
Toyama Taku and Daichi Arai of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-39607, CVE-2024-40883
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2024-34021, CVE-2024-39607, CVE-2024-40883
JVN iPedia: JVNDB-2024-000078

Update History

2024/08/27  ELECOM CO.,LTD. status updated
2024/08/27  Information under the section [Products Affected] was updated
2024/09/24  ELECOM CO.,LTD. status updated
2024/09/24  Information under the section [Products Affected] was updated
2024/11/26  ELECOM CO.,LTD. status updated
2024/11/26  Information under the section [Products Affected] was updated