CVE-2024-34021 - Vulnerability Details - OpenCVE

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Elecom	Wrc-2533gs2-b Firmware Wrc-2533gs2-w Firmware Wrc-2533gs2v-b Firmware Wrc-2533gst2 Firmware

No data.

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN06672778/
https://www.elecom.co.jp/news/security/20240730-01/

History

Tue, 26 Nov 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_0 `{'score': 6.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 09 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Elecom wrc-2533gst2 Firmware
CPEs		cpe:2.3:o:elecom:wrc-2533gst2_firmware::::::::
Vendors & Products		Elecom wrc-2533gst2 Firmware

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-08-01T01:15:56.174Z

Updated: 2024-11-26T08:04:03.424Z

Reserved: 2024-07-26T08:52:16.452Z

Link: CVE-2024-34021

Vulnrichment

Updated: 2024-08-01T13:32:37.592Z

NVD

Status : Awaiting Analysis

Published: 2024-08-01T02:15:01.873

Modified: 2024-11-26T09:15:06.077

Link: CVE-2024-34021

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34021", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-07-26T08:52:16.452Z", "datePublished": "2024-08-01T01:15:56.174Z", "dateUpdated": "2024-11-26T08:04:03.424Z"}, "containers": {"cna": {"affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-1167GST2", "versions": [{"version": "v1.32 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2V-B", "versions": [{"version": "v1.68 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-B", "versions": [{"version": "v1.68 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-W", "versions": [{"version": "v1.68 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GST2", "versions": [{"version": "v1.30 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}], "problemTypes": [{"descriptions": [{"description": "Unrestricted upload of file with dangerous type", "lang": "en-US", "cweId": "CWE-434", "type": "CWE"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20240730-01/"}, {"url": "https://jvn.jp/en/jp/JVN06672778/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T08:04:03.424Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "affected": [{"vendor": "elecom", "product": "wrc-2533gs2v-b_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-2533gs2-b_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-2533gs2-w_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-2533gst2_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.30", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T13:31:32.438360Z", "id": "CVE-2024-34021", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T20:56:59.455Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34021", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T13:31:32.438360Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gs2v-b_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.68"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gs2-b_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.68"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gs2-w_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.68"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gst2_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.30"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:32:37.592Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-1167GST2", "versions": [{"status": "affected", "version": "v1.32 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2V-B", "versions": [{"status": "affected", "version": "v1.68 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-B", "versions": [{"status": "affected", "version": "v1.68 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-W", "versions": [{"status": "affected", "version": "v1.68 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GST2", "versions": [{"status": "affected", "version": "v1.30 and earlier"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20240730-01/"}, {"url": "https://jvn.jp/en/jp/JVN06672778/"}], "descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-434", "description": "Unrestricted upload of file with dangerous type"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-11-26T08:04:03.424Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34021", "state": "PUBLISHED", "dateUpdated": "2024-11-26T08:04:03.424Z", "dateReserved": "2024-07-26T08:52:16.452Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-08-01T01:15:56.174Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}, {"lang": "es", "value": "Existe una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los enrutadores LAN inal\u00e1mbricos ELECOM. Un usuario que haya iniciado sesi\u00f3n con privilegios administrativos puede cargar un archivo especialmente manipulado en el producto afectado, lo que resultar\u00e1 en la ejecuci\u00f3n arbitraria de un comando del sistema operativo."}], "id": "CVE-2024-34021", "lastModified": "2024-11-26T09:15:06.077", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-01T02:15:01.873", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN06672778/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.elecom.co.jp/news/security/20240730-01/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Primary"}]}