CVE-2024-34021

Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN06672778/
https://www.elecom.co.jp/news/security/20240730-01/

Configurations

No configuration.

History

01 Aug 2024, 14:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-01 02:15

Updated : 2024-11-26 09:15

NVD link : CVE-2024-34021

Mitre link : CVE-2024-34021

CVE.ORG link : CVE-2024-34021

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-34021", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "vultures@jpcert.or.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-08-01T02:15:01.873", "references": [{"url": "https://jvn.jp/en/jp/JVN06672778/", "source": "vultures@jpcert.or.jp"}, {"url": "https://www.elecom.co.jp/news/security/20240730-01/", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "vultures@jpcert.or.jp", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution."}, {"lang": "es", "value": "Existe una carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los enrutadores LAN inal\u00e1mbricos ELECOM. Un usuario que haya iniciado sesi\u00f3n con privilegios administrativos puede cargar un archivo especialmente manipulado en el producto afectado, lo que resultar\u00e1 en la ejecuci\u00f3n arbitraria de un comando del sistema operativo."}], "lastModified": "2024-11-26T09:15:06.077", "sourceIdentifier": "vultures@jpcert.or.jp"}