Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 26 Nov 2024 08:15:00 +0000

Type Values Removed Values Added
Description Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
Metrics cvssV3_0

{'score': 6.1, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Tue, 03 Sep 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Elecom
Elecom wab-i1750-ps
Elecom wab-i1750-ps Firmware
Elecom wab-s1167-ps
Elecom wab-s1167-ps Firmware
Weaknesses CWE-79
CPEs cpe:2.3:h:elecom:wab-i1750-ps:-:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wab-s1167-ps:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wab-i1750-ps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wab-s1167-ps_firmware:*:*:*:*:*:*:*:*
Vendors & Products Elecom
Elecom wab-i1750-ps
Elecom wab-i1750-ps Firmware
Elecom wab-s1167-ps
Elecom wab-s1167-ps Firmware
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}


Fri, 30 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 30 Aug 2024 06:45:00 +0000

Type Values Removed Values Added
Description Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-09-19T17:23:20.358Z

Reserved: 2024-08-16T04:42:08.243Z

Link: CVE-2024-42412

cve-icon Vulnrichment

Updated: 2024-08-30T14:25:20.212Z

cve-icon NVD

Status : Modified

Published: 2024-08-30T07:15:12.070

Modified: 2025-09-19T18:15:35.977

Link: CVE-2024-42412

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.