CVE-2024-34021
6.8
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GST2 | v1.32 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GS2V-B | v1.68 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GS2-B | v1.68 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GS2-W | v1.68 and earlier | affected |
| ELECOM CO.,LTD. | WRC-2533GST2 | v1.30 and earlier | affected |
| ELECOM CO.,LTD. | WRC-1167GS2-B | v1.74 and earlier | affected |
| ELECOM CO.,LTD. | WRC-1167GS2H-B | v1.74 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3200GST3-B | v1.27 and earlier | affected |
| ELECOM CO.,LTD. | WRC-G01-W | v1.26 and earlier | affected |
| ELECOM CO.,LTD. | WMC-2LX-B | v1.42 and earlier | affected |
| ELECOM CO.,LTD. | WMC-X1800GST-B | v1.42 and earlier | affected |
Weaknesses
- CWE-434: Unrestricted upload of file with dangerous type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.