Vulnerability-Lookup

CVE-2024-42412 (GCVE-0-2024-42412)

Vulnerability from cvelistv5 – Published: 2024-08-30 06:29 – Updated: 2025-09-19 17:23

Summary

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Cross-site scripting (XSS)

Assigner

jpcert

References

URL

Tags

	https://www.elecom.co.jp/news/security/20240827-01/
	https://jvn.jp/en/jp/JVN24885537/

Impacted products

Vendor

Product

Version

ELECOM CO.,LTD.

WAB-I1750-PS

Affected: v1.5.10 and earlier

ELECOM CO.,LTD.	WAB-M1775-PS	Affected: v2.1.4 and earlier
ELECOM CO.,LTD.	WAB-S1167-PS	Affected: v1.5.6 and earlier
ELECOM CO.,LTD.	WAB-S1775	Affected: v2.1.4 and earlier
ELECOM CO.,LTD.	WAB-S733MI	Affected: v1.3.2 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T14:25:15.511783Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-19T17:23:20.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WAB-I1750-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.5.10 and earlier"
            }
          ]
        },
        {
          "product": "WAB-M1775-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v2.1.4 and earlier"
            }
          ]
        },
        {
          "product": "WAB-S1167-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.5.6 and earlier"
            }
          ]
        },
        {
          "product": "WAB-S1775",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v2.1.4 and earlier"
            }
          ]
        },
        {
          "product": "WAB-S733MI",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.3.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user\u0027s web browser."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross-site scripting (XSS)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-26T08:02:25.963Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20240827-01/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN24885537/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-42412",
    "datePublished": "2024-08-30T06:29:27.606Z",
    "dateReserved": "2024-08-16T04:42:08.243Z",
    "dateUpdated": "2025-09-19T17:23:20.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-42412\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-30T14:25:15.511783Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-30T14:25:20.212Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ELECOM CO.,LTD.\", \"product\": \"WAB-I1750-PS\", \"versions\": [{\"status\": \"affected\", \"version\": \"v1.5.10 and earlier\"}]}, {\"vendor\": \"ELECOM CO.,LTD.\", \"product\": \"WAB-M1775-PS\", \"versions\": [{\"status\": \"affected\", \"version\": \"v2.1.4 and earlier\"}]}, {\"vendor\": \"ELECOM CO.,LTD.\", \"product\": \"WAB-S1167-PS\", \"versions\": [{\"status\": \"affected\", \"version\": \"v1.5.6 and earlier\"}]}, {\"vendor\": \"ELECOM CO.,LTD.\", \"product\": \"WAB-S1775\", \"versions\": [{\"status\": \"affected\", \"version\": \"v2.1.4 and earlier\"}]}, {\"vendor\": \"ELECOM CO.,LTD.\", \"product\": \"WAB-S733MI\", \"versions\": [{\"status\": \"affected\", \"version\": \"v1.3.2 and earlier\"}]}], \"references\": [{\"url\": \"https://www.elecom.co.jp/news/security/20240827-01/\"}, {\"url\": \"https://jvn.jp/en/jp/JVN24885537/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user\u0027s web browser.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"Cross-site scripting (XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-11-26T08:02:25.963Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-42412\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-19T17:23:20.358Z\", \"dateReserved\": \"2024-08-16T04:42:08.243Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-08-30T06:29:27.606Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

JVNDB-2024-000088

Vulnerability from jvndb - Published: 2024-08-27 14:40 - Updated:2024-11-26 15:17

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in ELECOM wireless LAN routers and access points

Details

Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi (CWE-79) - CVE-2024-34577, CVE-2024-42412 * Missing authentication in Telnet function (CWE-306) - CVE-2024-39300 * Stack-based buffer overflow due to an improper processing of input values in common.cgi (CWE-121) - CVE-2024-43689 CVE-2024-34577 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-39300 SASABE Tetsuro reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2024-42412, CVE-2024-43689 RyotaK of Flatt Security Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN24885537/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-34577
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-39300
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-42412
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-43689
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	ELECOM CO.,LTD.	WAB-I1750-PS
	ELECOM CO.,LTD.	WAB-S1167-PS
	ELECOM CO.,LTD.	WAB-M1775-PS firmware
	ELECOM CO.,LTD.	WAB-S1775 firmware
	ELECOM CO.,LTD.	WAB-S733MI
	ELECOM CO.,LTD.	WRC-X3000GS2-B firmware
	ELECOM CO.,LTD.	WRC-X3000GS2-W firmware
	ELECOM CO.,LTD.	WRC-X3000GS2A-B firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000088.html",
  "dc:date": "2024-11-26T15:17+09:00",
  "dcterms:issued": "2024-08-27T14:40+09:00",
  "dcterms:modified": "2024-11-26T15:17+09:00",
  "description": "Multiple wireless LAN routers and access points provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n* Cross-site scripting vulnerability due to an improper processing of input values in easysetup.cgi and menu.cgi (CWE-79) - CVE-2024-34577, CVE-2024-42412\r\n\r\n* Missing authentication in Telnet function (CWE-306) - CVE-2024-39300\r\n\r\n* Stack-based buffer overflow due to an improper processing of input values in common.cgi (CWE-121) - CVE-2024-43689\r\n\r\nCVE-2024-34577\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-39300\r\nSASABE Tetsuro reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-42412, CVE-2024-43689\r\nRyotaK of Flatt Security Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000088.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:elecom:wab-i1750-ps",
      "@product": "WAB-I1750-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:elecom:wab-s1167-ps",
      "@product": "WAB-S1167-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-m1775-ps_firmware",
      "@product": "WAB-M1775-PS firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s1775_firmware",
      "@product": "WAB-S1775 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s733mi",
      "@product": "WAB-S733MI",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
      "@product": "WRC-X3000GS2-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
      "@product": "WRC-X3000GS2-W firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
      "@product": "WRC-X3000GS2A-B firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000088",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN24885537/index.html",
      "@id": "JVN#24885537",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-34577",
      "@id": "CVE-2024-34577",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-39300",
      "@id": "CVE-2024-39300",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-42412",
      "@id": "CVE-2024-42412",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-43689",
      "@id": "CVE-2024-43689",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM wireless LAN routers and access points"
}

GHSA-HFF3-P4H7-F98R

Vulnerability from github – Published: 2024-08-30 09:31 – Updated: 2024-09-03 15:30

Details

Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-42412"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-30T07:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user\u0027s web browser.",
  "id": "GHSA-hff3-p4h7-f98r",
  "modified": "2024-09-03T15:30:40Z",
  "published": "2024-08-30T09:31:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42412"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN24885537"
    },
    {
      "type": "WEB",
      "url": "https://www.elecom.co.jp/news/security/20240827-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2024-42412

Vulnerability from fkie_nvd - Published: 2024-08-30 07:15 - Updated: 2025-09-19 18:15

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN24885537/	Third Party Advisory
	vultures@jpcert.or.jp	https://www.elecom.co.jp/news/security/20240827-01/	Vendor Advisory

Impacted products

Vendor	Product	Version
elecom	wab-s1167-ps_firmware	*
elecom	wab-s1167-ps	-
elecom	wab-i1750-ps_firmware	*
elecom	wab-i1750-ps	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:wab-s1167-ps_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7338AD82-5A24-4C16-9454-F11E703C68D2",
              "versionEndIncluding": "1.5.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:wab-s1167-ps:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F8A009-6EDC-4993-B3D5-A0868DC03E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:wab-i1750-ps_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED29C50-A620-4026-9BB7-233EC56A5470",
              "versionEndIncluding": "1.5.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:wab-i1750-ps:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "003AB2FC-6B65-46BE-8573-E5B4D1C9E8A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user\u0027s web browser."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de Cross Site Scripting en WAB-I1750-PS y WAB-S1167-PS debido al procesamiento incorrecto de los valores de entrada en menu.cgi. Si un usuario visualiza una p\u00e1gina web maliciosa mientras est\u00e1 conectado al producto, es posible que se ejecute una secuencia de comandos arbitraria en el navegador web del usuario."
    }
  ],
  "id": "CVE-2024-42412",
  "lastModified": "2025-09-19T18:15:35.977",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "vultures@jpcert.or.jp",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-08-30T07:15:12.070",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN24885537/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elecom.co.jp/news/security/20240827-01/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "vultures@jpcert.or.jp",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-42412 (GCVE-0-2024-42412)

JVNDB-2024-000088

GHSA-HFF3-P4H7-F98R

FKIE_CVE-2024-42412

Tags

Sightings

Nomenclature