CVE-2024-40883

high

Description

Cross-site request forgery vulnerability exists in ELECOM wireless LAN routers. Viewing a malicious page while logging in to the affected product with an administrative privilege, the user may be directed to perform unintended operations such as changing the login ID, login password, etc.

References

https://www.elecom.co.jp/news/security/20240730-01/

https://jvn.jp/en/jp/JVN06672778/

Details

Source: Mitre, NVD

Published: 2024-08-01

Updated: 2024-10-27

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High