CVE-2024-34577

CVE-2024-34577

Vendor Elecom Co.,Ltd.

Product WRC-X3000GS2-B

Weakness CWE-79 · XSS

Published August 30, 2024

Last update May 12, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, WRC-X3000GS2A-B and WRC-X3000GST2-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

Key dates

02Disclosure timeline

August 30, 2024 CVE published

May 12, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-34577 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2024-34577

CWE CWE-79

Affected versions

Vendor Elecom Co.,Ltd.

Product WRC-X3000GS2-B

Affected v1.08 and earlier

Vendor Elecom Co.,Ltd.

Product WRC-X3000GS2-W

Affected v1.08 and earlier

Vendor Elecom Co.,Ltd.

Product WRC-X3000GS2A-B

Affected v1.08 and earlier

Vendor Elecom Co.,Ltd.

Product WRC-X3000GST2-B

Affected v1.06 and earlier

01Description

02Disclosure timeline

03References

04Related CVE