← back
CVE-2024-34021

CVE-2024-34021

CVSS 6.8 MEDIUMEPSS 0.4%CWE-434
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8EPSS 0.4%KEV nãoPoC Patch
Lifecycle
01 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
ELECOM CO.,LTD. · WMC-2LX-BELECOM CO.,LTD. · WMC-X1800GST-BELECOM CO.,LTD. · WRC-1167GS2-BELECOM CO.,LTD. · WRC-1167GS2H-BELECOM CO.,LTD. · WRC-1167GST2ELECOM CO.,LTD. · WRC-2533GS2-BELECOM CO.,LTD. · WRC-2533GS2V-BELECOM CO.,LTD. · WRC-2533GS2-WELECOM CO.,LTD. · WRC-2533GST2ELECOM CO.,LTD. · WRC-G01-WELECOM CO.,LTD. · WRC-X3200GST3-B

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN06672778/https://www.elecom.co.jp/news/security/20240730-01/