CVE-2024-42412 MEDIUM

CVE-2024-42412

Vendor Elecom Co.,Ltd.

Product WAB-I1750-PS

Weakness CWE-79 · XSS

Published August 30, 2024

Last update September 19, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

Key dates

02Disclosure timeline

August 30, 2024 CVE published

September 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-42412 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2024-42412

CWE CWE-79

CVSS 6.1 / MEDIUM

Affected versions

Vendor Elecom Co.,Ltd.

Product WAB-I1750-PS

Affected v1.5.10 and earlier

Vendor Elecom Co.,Ltd.

Product WAB-M1775-PS

Affected v2.1.4 and earlier

Vendor Elecom Co.,Ltd.

Product WAB-S1167-PS

Affected v1.5.6 and earlier

Vendor Elecom Co.,Ltd.

Product WAB-S1775

Affected v2.1.4 and earlier

Vendor Elecom Co.,Ltd.

Product WAB-S733MI

Affected v1.3.2 and earlier

CVE-2024-42412

01Description

02Disclosure timeline

03References

04Related CVE