{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34021", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-07-26T08:52:16.452Z", "datePublished": "2024-08-01T01:15:56.174Z", "dateUpdated": "2024-09-09T20:56:59.455Z"}, "containers": {"cna": {"affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2V-B", "versions": [{"version": "v1.68 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-B", "versions": [{"version": "v1.68 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-W", "versions": [{"version": "v1.68 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GST2", "versions": [{"version": "v1.30 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}], "problemTypes": [{"descriptions": [{"description": "Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20240730-01/"}, {"url": "https://jvn.jp/en/jp/JVN06672778/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-09-09T06:22:05.653Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "affected": [{"vendor": "elecom", "product": "wrc-2533gs2v-b_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-2533gs2-b_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-2533gs2-w_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.68", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-2533gst2_firmware", "cpes": ["cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.30", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T13:31:32.438360Z", "id": "CVE-2024-34021", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-09T20:56:59.455Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-34021", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T13:31:32.438360Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:elecom:wrc-2533gs2v-b_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gs2v-b_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.68"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gs2-b_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.68"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gs2-w_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.68"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-2533gst2_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.30"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T13:32:37.592Z"}}], "cna": {"affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2V-B", "versions": [{"status": "affected", "version": "v1.68 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-B", "versions": [{"status": "affected", "version": "v1.68 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GS2-W", "versions": [{"status": "affected", "version": "v1.68 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-2533GST2", "versions": [{"status": "affected", "version": "v1.30 and earlier"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20240730-01/"}, {"url": "https://jvn.jp/en/jp/JVN06672778/"}], "descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-09-09T06:22:05.653Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34021", "state": "PUBLISHED", "dateUpdated": "2024-09-09T20:56:59.455Z", "dateReserved": "2024-07-26T08:52:16.452Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-08-01T01:15:56.174Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}, {"lang": "es", "value": "Existe una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los enrutadores LAN inal\u00e1mbricos ELECOM. Un usuario que haya iniciado sesi\u00f3n con privilegios administrativos puede cargar un archivo especialmente manipulado en el producto afectado, lo que resultar\u00e1 en la ejecuci\u00f3n arbitraria de un comando del sistema operativo."}], "id": "CVE-2024-34021", "lastModified": "2024-08-01T14:35:09.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-01T02:15:01.873", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN06672778/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.elecom.co.jp/news/security/20240730-01/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}