Published:2024/08/27  Last Updated:2024/11/26

JVN#24885537
Multiple vulnerabilities in ELECOM wireless LAN routers and access points

Overview

Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities.

Products Affected

CVE-2024-34577

  • WRC-X3000GS2-B v1.08 and earlier
  • WRC-X3000GS2-W v1.08 and earlier
  • WRC-X3000GS2A-B v1.08 and earlier
CVE-2024-39300
  • WAB-I1750-PS v1.5.10 and earlier
CVE-2024-42412, CVE-2024-43689
  • WAB-I1750-PS v1.5.10 and earlier
  • WAB-M1775-PS v2.1.4 and earlier
  • WAB-S1167-PS v1.5.6 and earlier
  • WAB-S1775 v2.1.4 and earlier
  • WAB-S733MI v1.3.2 and earlier

Description

Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi (CWE-79)
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1
    • CVE-2024-34577, CVE-2024-42412
  • Missing authentication in Telnet function (CWE-306)
    • CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.1
    • CVE-2024-39300
  • Stack-based buffer overflow due to an improper processing of input values in common.cgi (CWE-121)
    • CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8
    • CVE-2024-43689

Impact

  • If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser (CVE-2024-34577, CVE-2024-42412)
  • When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings (CVE-2024-39300)
  • By processing a specially crafted HTTP request, an arbitrary code may be executed (CVE-2024-43689)

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
ELECOM CO.,LTD. Vulnerable 2024/11/14 ELECOM CO.,LTD. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2024-34577
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-39300
SASABE Tetsuro reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-42412, CVE-2024-43689
RyotaK of Flatt Security Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2024-34577
CVE-2024-39300
CVE-2024-42412
CVE-2024-43689
JVN iPedia JVNDB-2024-000088

Update History

2024/11/26
ELECOM CO.,LTD. update status
2024/11/26
Information under the section [Products Affected] was updated