From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability ID and Description: - JVN#24885537 - Multiple vulnerabilities exist in various wireless LAN routers and access points provided by ELECOM CO., LTD. 2. Affected Products: - WRC-X3000GS2-B v1.08 and earlier versions - WRC-X3000GS2-W v1.08 and earlier versions - WRC-X3000GS2A-B v1.08 and earlier versions - WAB-I1750-PS v1.5.10 and earlier versions - WAB-S1167-PS v1.5.6 and earlier versions 3. Vulnerability Descriptions: - Cross-site scripting vulnerability due to improper processing of input values in easysetup.cgi and menu.cgi (CWE-79): - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1 - CVE-2024-34577, CVE-2024-42412 - Missing authentication in Telnet function (CWE-306): - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.1 - CVE-2024-39300 - Stack-based buffer overflow due to improper processing of input values in common.cgi (CWE-121): - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 8.8 - CVE-2024-43689 4. Impact: - If a user views a malicious webpage while logged in, malicious scripts may execute in the user’s browser (CVE-2024-34577, CVE-2024-42412) - When the Telnet function is enabled, remote attackers can log in to the device and modify settings without authentication (CVE-2024-39300) - By processing specially crafted HTTP requests, arbitrary code can be executed (CVE-2024-43689) 5. Solution: - Update firmware - Update firmware to the latest version as instructed by the vendor. 6. Reference Information: - JPCERT/CC Addendum - Vulnerability analysis by JPCERT/CC - Credit information 7. Additional Information: - JPCERT Alert - JPCERT Reports - CERT Advisory - CPNI Advisory - TRnotes - CVE - JVN iPedia This information provides detailed details about vulnerabilities in ELECOM wireless LAN routers and access points, including affected products, vulnerability descriptions, impacts, solutions, and reference materials.