Vulnerabilites related to elecom - wrc-1167ghbk3-a_firmware
cve-2023-37566
Vulnerability from cvelistv5
Published
2023-07-13 01:44
Modified
2024-11-06 18:19
Severity ?
EPSS score ?
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Version: v1.24 and earlier |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:31.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-f1167acf2",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-600ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-733febk2-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1467ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1900ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w301nr",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:15:05.526570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:19:31.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "LAN-W301NR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:34:09.134Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37566",
"datePublished": "2023-07-13T01:44:48.791Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-06T18:19:31.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37563
Vulnerability from cvelistv5
Published
2023-07-13 02:59
Modified
2024-11-06 18:07
Severity ?
EPSS score ?
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ELECOM CO.,LTD. | WRC-1167GHBK-S |
Version: v1.03 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:06:38.318539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:07:10.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier "
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:31:52.811Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37563",
"datePublished": "2023-07-13T02:59:04.187Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T18:07:10.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37567
Vulnerability from cvelistv5
Published
2023-07-13 01:46
Modified
2024-11-06 14:28
Severity ?
EPSS score ?
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Version: v1.24 and earlier |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-f1167acf2",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-600ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-733febk2-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1467ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1900ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w301nr",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T14:23:25.188680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:28:41.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "LAN-W301NR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:35:14.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37567",
"datePublished": "2023-07-13T01:46:47.274Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-06T14:28:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37565
Vulnerability from cvelistv5
Published
2023-07-13 03:04
Modified
2024-11-07 14:48
Severity ?
EPSS score ?
Summary
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ELECOM CO.,LTD. | WRC-1167GHBK-S |
Version: v1.03 and earlier |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:43:07.183541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:48:22.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:04:25.910Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37565",
"datePublished": "2023-07-13T03:04:25.910Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-07T14:48:22.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-37564
Vulnerability from cvelistv5
Published
2023-07-13 03:01
Modified
2024-11-06 15:24
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ELECOM CO.,LTD. | WRC-1167GHBK-S |
Version: v1.03 and earlier |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:21:27.301662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:24:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:01:41.200Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37564",
"datePublished": "2023-07-13T03:01:41.200Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T15:24:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-07-13 02:15
Modified
2024-11-21 08:11
Severity ?
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elecom | wrc-1167ghbk3-a_firmware | * | |
| elecom | wrc-1167ghbk3-a | - | |
| elecom | wrc-1167febk-a_firmware | * | |
| elecom | wrc-1167febk-a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990",
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03",
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"id": "CVE-2023-37566",
"lastModified": "2024-11-21T08:11:57.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T02:15:09.517",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 04:15
Modified
2024-11-21 08:11
Severity ?
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN05223215/ | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.elecom.co.jp/news/security/20230711-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN05223215/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elecom.co.jp/news/security/20230711-01/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elecom | wrc-1167ghbk-s_firmware | * | |
| elecom | wrc-1167ghbk-s | - | |
| elecom | wrc-1167gebk-s_firmware | * | |
| elecom | wrc-1167gebk-s | - | |
| elecom | wrc-1167febk-s_firmware | * | |
| elecom | wrc-1167febk-s | - | |
| elecom | wrc-1167ghbk3-a_firmware | * | |
| elecom | wrc-1167ghbk3-a | - | |
| elecom | wrc-1167febk-a_firmware | * | |
| elecom | wrc-1167febk-a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427",
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681",
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0",
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990",
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03",
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"id": "CVE-2023-37564",
"lastModified": "2024-11-21T08:11:57.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T04:15:10.213",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 04:15
Modified
2024-11-21 08:11
Severity ?
Summary
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN05223215/ | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.elecom.co.jp/news/security/20230711-01/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN05223215/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.elecom.co.jp/news/security/20230711-01/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elecom | wrc-1167ghbk-s_firmware | * | |
| elecom | wrc-1167ghbk-s | - | |
| elecom | wrc-1167gebk-s_firmware | * | |
| elecom | wrc-1167gebk-s | - | |
| elecom | wrc-1167febk-s_firmware | * | |
| elecom | wrc-1167febk-s | - | |
| elecom | wrc-1167ghbk3-a_firmware | * | |
| elecom | wrc-1167ghbk3-a | - | |
| elecom | wrc-1167febk-a_firmware | * | |
| elecom | wrc-1167febk-a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427",
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681",
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0",
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990",
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03",
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"id": "CVE-2023-37565",
"lastModified": "2024-11-21T08:11:57.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T04:15:10.303",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 03:15
Modified
2024-11-21 08:11
Severity ?
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elecom | wrc-1167ghbk-s_firmware | * | |
| elecom | wrc-1167ghbk-s | - | |
| elecom | wrc-1167gebk-s_firmware | * | |
| elecom | wrc-1167gebk-s | - | |
| elecom | wrc-1167febk-s_firmware | * | |
| elecom | wrc-1167febk-s | - | |
| elecom | wrc-1167ghbk3-a_firmware | * | |
| elecom | wrc-1167ghbk3-a | - | |
| elecom | wrc-1167febk-a_firmware | * | |
| elecom | wrc-1167febk-a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427",
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681",
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0",
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990",
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03",
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
}
],
"id": "CVE-2023-37563",
"lastModified": "2024-11-21T08:11:57.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T03:15:09.927",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-13 02:15
Modified
2024-11-21 08:11
Severity ?
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| elecom | wrc-1167ghbk3-a_firmware | * | |
| elecom | wrc-1167ghbk3-a | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990",
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"id": "CVE-2023-37567",
"lastModified": "2024-11-21T08:11:57.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-13T02:15:09.563",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}