Wab Be36 M
Monthly
Cross-site request forgery (CSRF) in ELECOM wireless LAN access points (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows remote attackers to trick authenticated users into performing unintended administrative operations by viewing a malicious webpage. The vulnerability exists despite CSRF token implementation due to inadequate token validation, enabling integrity compromise of access point configuration without user knowledge.
ELECOM wireless LAN access point models WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, and WAB-BE36-S fail to validate the language parameter in administrative pages, allowing remote attackers to break the admin interface for logged-in users via malicious web pages. The vulnerability requires user interaction (viewing a malicious page while authenticated to the access point) and results in denial of service of the administrative interface rather than data exposure or unauthorized access. No public exploit code has been identified at time of analysis.
Stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows authenticated administrators to inject malicious scripts that execute in other administrators' web browsers when they access the device management interface. Exploitation requires high-privilege administrative credentials and user interaction (victim must visit the admin panel), limiting real-world risk despite network-accessible attack surface.
Cross-site request forgery (CSRF) in ELECOM wireless LAN access points (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows remote attackers to trick authenticated users into performing unintended administrative operations by viewing a malicious webpage. The vulnerability exists despite CSRF token implementation due to inadequate token validation, enabling integrity compromise of access point configuration without user knowledge.
ELECOM wireless LAN access point models WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, and WAB-BE36-S fail to validate the language parameter in administrative pages, allowing remote attackers to break the admin interface for logged-in users via malicious web pages. The vulnerability requires user interaction (viewing a malicious page while authenticated to the access point) and results in denial of service of the administrative interface rather than data exposure or unauthorized access. No public exploit code has been identified at time of analysis.
Stored cross-site scripting vulnerability in ELECOM wireless LAN access point devices (WAB-BE187-M, WAB-BE72-M, WAB-BE36-M, WAB-BE36-S) allows authenticated administrators to inject malicious scripts that execute in other administrators' web browsers when they access the device management interface. Exploitation requires high-privilege administrative credentials and user interaction (victim must visit the admin panel), limiting real-world risk despite network-accessible attack surface.