CVE-2024-34577

Summary

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-X3000GS2-Bv1.08 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GS2-Wv1.08 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GS2A-Bv1.08 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GST2-Bv1.06 and earlieraffected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References