CVE-2024-34021

CVSS 6.8 MEDIUMEPSS 0.4%CWE-434

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 ago 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

ELECOM CO.,LTD. · WMC-2LX-B ELECOM CO.,LTD. · WMC-X1800GST-B ELECOM CO.,LTD. · WRC-1167GS2-B ELECOM CO.,LTD. · WRC-1167GS2H-B ELECOM CO.,LTD. · WRC-1167GST2 ELECOM CO.,LTD. · WRC-2533GS2-B ELECOM CO.,LTD. · WRC-2533GS2V-B ELECOM CO.,LTD. · WRC-2533GS2-W ELECOM CO.,LTD. · WRC-2533GST2 ELECOM CO.,LTD. · WRC-G01-W ELECOM CO.,LTD. · WRC-X3200GST3-B

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://jvn.jp/en/jp/JVN06672778/https://www.elecom.co.jp/news/security/20240730-01/