CVE-2024-34577
4.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-X3000GS2-B | v1.08 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2-W | v1.08 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GS2A-B | v1.08 and earlier | affected |
| ELECOM CO.,LTD. | WRC-X3000GST2-B | v1.06 and earlier | affected |
Weaknesses
- CWE-79: Cross-site scripting (XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.