Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for LAN-WH300N/DGP by LOGITEC CORPORATION

    CVE-2023-35991 (GCVE-0-2023-35991)

    Vulnerability from nvd – Published: 2023-08-18 09:37 – Updated: 2024-10-21 20:26
    VLAI
    Summary
    Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    LOGITEC CORPORATION LAN-W300N/DR Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300N/DR Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W300N/P Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH450N/GP Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300AN/DGP Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300N/DGP Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300ANDGPE Affected: all versions
    Create a notification for this product.
    elecom lan-wh450n\/gp_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:elecom:lan-wh300n\/dgp_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-w300n\/dr_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-w300n\/p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh300an\/dgp_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh300n\/dr_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh450n\/gp_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91630351/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-wh450n\\/gp_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T20:16:01.788562Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T20:26:02.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LAN-W300N/DR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300N/DR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-W300N/P",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH450N/GP",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300AN/DGP",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300N/DGP",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300ANDGPE",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hidden Functionality",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:37:37.744Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91630351/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-35991",
        "datePublished": "2023-08-18T09:37:37.744Z",
        "dateReserved": "2023-08-09T11:54:58.462Z",
        "dateUpdated": "2024-10-21T20:26:02.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35991 (GCVE-0-2023-35991)

    Vulnerability from cvelistv5 – Published: 2023-08-18 09:37 – Updated: 2024-10-21 20:26
    VLAI
    Summary
    Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    LOGITEC CORPORATION LAN-W300N/DR Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300N/DR Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W300N/P Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH450N/GP Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300AN/DGP Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300N/DGP Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-WH300ANDGPE Affected: all versions
    Create a notification for this product.
    elecom lan-wh450n\/gp_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:elecom:lan-wh300n\/dgp_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-w300n\/dr_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-w300n\/p_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh300an\/dgp_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh300n\/dr_firmware:-:*:*:*:*:*:*:*
        cpe:2.3:o:elecom:lan-wh450n\/gp_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:40.538Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91630351/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:-:*:*:*:*:*:*:*",
                  "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-wh450n\\/gp_firmware",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35991",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-21T20:16:01.788562Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-21T20:26:02.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "LAN-W300N/DR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300N/DR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-W300N/P",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH450N/GP",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300AN/DGP",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300N/DGP",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "LAN-WH300ANDGPE",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hidden Functionality",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:37:37.744Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91630351/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-35991",
        "datePublished": "2023-08-18T09:37:37.744Z",
        "dateReserved": "2023-08-09T11:54:58.462Z",
        "dateUpdated": "2024-10-21T20:26:02.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }