Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for WRC-1167FEBK-S by ELECOM CO.,LTD.

    CVE-2023-37565 (GCVE-0-2023-37565)

    Vulnerability from nvd – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
    VLAI
    Summary
    Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , < 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , < 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , < 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T14:43:07.183541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T14:48:22.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:04:25.910Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37565",
        "datePublished": "2023-07-13T03:04:25.910Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-07T14:48:22.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37564 (GCVE-0-2023-37564)

    Vulnerability from nvd – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , ≤ 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:21:27.301662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:24:49.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:01:41.200Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37564",
        "datePublished": "2023-07-13T03:01:41.200Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T15:24:49.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37563 (GCVE-0-2023-37563)

    Vulnerability from nvd – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
    VLAI
    Summary
    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:06:38.318539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:07:10.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:31:52.811Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37563",
        "datePublished": "2023-07-13T02:59:04.187Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T18:07:10.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37565 (GCVE-0-2023-37565)

    Vulnerability from cvelistv5 – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
    VLAI
    Summary
    Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , < 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , < 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , < 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T14:43:07.183541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T14:48:22.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:04:25.910Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37565",
        "datePublished": "2023-07-13T03:04:25.910Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-07T14:48:22.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37564 (GCVE-0-2023-37564)

    Vulnerability from cvelistv5 – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , ≤ 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:21:27.301662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:24:49.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:01:41.200Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37564",
        "datePublished": "2023-07-13T03:01:41.200Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T15:24:49.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37563 (GCVE-0-2023-37563)

    Vulnerability from cvelistv5 – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
    VLAI
    Summary
    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:06:38.318539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:07:10.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:31:52.811Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37563",
        "datePublished": "2023-07-13T02:59:04.187Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T18:07:10.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2023-000071

    Vulnerability from jvndb - Published: 2023-07-11 15:37 - Updated:2024-03-29 15:28
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
    Details
    Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2023-37560 * Open Redirect (CWE-601) - CVE-2023-37561 * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562 * Information disclosure (CWE-200) - CVE-2023-37563 * OS Command Injection (CWE-78) - CVE-2023-37564 * Code Injection (CWE-94) - CVE-2023-37565 CVE-2023-37560 Yamaguchi Kakeru reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37561, CVE-2023-37562 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37563 Shu Yoshikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer. CVE-2023-37564 Shu Yoshikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37565 MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
      "dc:date": "2024-03-29T15:28+09:00",
      "dcterms:issued": "2023-07-11T15:37+09:00",
      "dcterms:modified": "2024-03-29T15:28+09:00",
      "description": "Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n  * Cross-site Scripting (CWE-79) - CVE-2023-37560\r\n  * Open Redirect (CWE-601) - CVE-2023-37561\r\n  * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562\r\n  * Information disclosure (CWE-200) - CVE-2023-37563\r\n  * OS Command Injection (CWE-78) - CVE-2023-37564\r\n  * Code Injection (CWE-94) - CVE-2023-37565\r\n\r\nCVE-2023-37560\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37561, CVE-2023-37562\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37563\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-37564\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37565\r\nMASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
          "@product": "WRC-1167FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-s",
          "@product": "WRC-1167FEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
          "@product": "WRC-1167GEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
          "@product": "WRC-1167GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
          "@product": "WRC-1167GHBK3-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
          "@product": "WRH-300WH-H firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-300hwh",
          "@product": "WTC-300HWH",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-c1167gc-b",
          "@product": "WTC-C1167GC-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-c1167gc-w",
          "@product": "WTC-C1167GC-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.7",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000071",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN05223215/index.html",
          "@id": "JVN#05223215",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37560",
          "@id": "CVE-2023-37560",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37561",
          "@id": "CVE-2023-37561",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37562",
          "@id": "CVE-2023-37562",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37563",
          "@id": "CVE-2023-37563",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37564",
          "@id": "CVE-2023-37564",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37565",
          "@id": "CVE-2023-37565",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560",
          "@id": "CVE-2023-37560",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37561",
          "@id": "CVE-2023-37561",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37562",
          "@id": "CVE-2023-37562",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37563",
          "@id": "CVE-2023-37563",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37564",
          "@id": "CVE-2023-37564",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37565",
          "@id": "CVE-2023-37565",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters"
    }