Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for WRC-1167GEBK-S by ELECOM CO.,LTD.
CVE-2023-37565 (GCVE-0-2023-37565)
Vulnerability from nvd – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
VLAI?
Summary
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity ?
No CVSS data available.
CWE
- Code injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:43:07.183541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:48:22.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:04:25.910Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37565",
"datePublished": "2023-07-13T03:04:25.910Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-07T14:48:22.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37564 (GCVE-0-2023-37564)
Vulnerability from nvd – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
VLAI?
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:21:27.301662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:24:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:01:41.200Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37564",
"datePublished": "2023-07-13T03:01:41.200Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T15:24:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37563 (GCVE-0-2023-37563)
Vulnerability from nvd – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
VLAI?
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:06:38.318539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:07:10.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier "
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:31:52.811Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37563",
"datePublished": "2023-07-13T02:59:04.187Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T18:07:10.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37568 (GCVE-0-2023-37568)
Vulnerability from nvd – Published: 2023-07-13 01:48 – Updated: 2024-11-05 15:24
VLAI?
Summary
ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.
Severity ?
No CVSS data available.
CWE
- Arbitrary command execution
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:18:11.923205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:24:15.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T01:48:09.334Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37568",
"datePublished": "2023-07-13T01:48:09.334Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-05T15:24:15.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37565 (GCVE-0-2023-37565)
Vulnerability from cvelistv5 – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
VLAI?
Summary
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity ?
No CVSS data available.
CWE
- Code injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:43:07.183541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:48:22.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:04:25.910Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37565",
"datePublished": "2023-07-13T03:04:25.910Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-07T14:48:22.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37564 (GCVE-0-2023-37564)
Vulnerability from cvelistv5 – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
VLAI?
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity ?
No CVSS data available.
CWE
- OS command injection
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:21:27.301662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:24:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:01:41.200Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37564",
"datePublished": "2023-07-13T03:01:41.200Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T15:24:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37563 (GCVE-0-2023-37563)
Vulnerability from cvelistv5 – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
VLAI?
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:06:38.318539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:07:10.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier "
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:31:52.811Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37563",
"datePublished": "2023-07-13T02:59:04.187Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T18:07:10.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37568 (GCVE-0-2023-37568)
Vulnerability from cvelistv5 – Published: 2023-07-13 01:48 – Updated: 2024-11-05 15:24
VLAI?
Summary
ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.
Severity ?
No CVSS data available.
CWE
- Arbitrary command execution
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-05T15:18:11.923205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T15:24:15.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T01:48:09.334Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37568",
"datePublished": "2023-07-13T01:48:09.334Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-05T15:24:15.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-002413
Vulnerability from jvndb - Published: 2023-07-12 16:15 - Updated:2024-04-22 16:18
Severity ?
Summary
Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568
* Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html",
"dc:date": "2024-04-22T16:18+09:00",
"dcterms:issued": "2023-07-12T16:15+09:00",
"dcterms:modified": "2024-04-22T16:18+09:00",
"description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568\r\n * Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
"@product": "WRC-1167FEBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
"@product": "WRC-1167GEBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
"@product": "WRC-1167GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
"@product": "WRC-1167GHBK3-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
"@product": "WRC-1467GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
"@product": "WRC-1900GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
"@product": "WRC-600GHBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
"@product": "WRC-733FEBK2-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
"@product": "WRC-F1167ACF2",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:logitec:lan-w301nr_firmware",
"@product": "LAN-W301NR firmware",
"@vendor": "Logitec Corp.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-002413",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU91850798/",
"@id": "JVNVU#91850798",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37566",
"@id": "CVE-2023-37566",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37567",
"@id": "CVE-2023-37567",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37568",
"@id": "CVE-2023-37568",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37566",
"@id": "CVE-2023-37566",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37567",
"@id": "CVE-2023-37567",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37568",
"@id": "CVE-2023-37568",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/77.html",
"@id": "CWE-77",
"@title": "Command Injection(CWE-77)"
}
],
"title": "Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers"
}
JVNDB-2023-000071
Vulnerability from jvndb - Published: 2023-07-11 15:37 - Updated:2024-03-29 15:28
Severity ?
Summary
Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
Details
Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2023-37560
* Open Redirect (CWE-601) - CVE-2023-37561
* Cross-Site Request Forgery (CWE-352) - CVE-2023-37562
* Information disclosure (CWE-200) - CVE-2023-37563
* OS Command Injection (CWE-78) - CVE-2023-37564
* Code Injection (CWE-94) - CVE-2023-37565
CVE-2023-37560
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37561, CVE-2023-37562
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37563
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.
CVE-2023-37564
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37565
MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
"dc:date": "2024-03-29T15:28+09:00",
"dcterms:issued": "2023-07-11T15:37+09:00",
"dcterms:modified": "2024-03-29T15:28+09:00",
"description": "Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n * Cross-site Scripting (CWE-79) - CVE-2023-37560\r\n * Open Redirect (CWE-601) - CVE-2023-37561\r\n * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562\r\n * Information disclosure (CWE-200) - CVE-2023-37563\r\n * OS Command Injection (CWE-78) - CVE-2023-37564\r\n * Code Injection (CWE-94) - CVE-2023-37565\r\n\r\nCVE-2023-37560\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37561, CVE-2023-37562\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37563\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-37564\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37565\r\nMASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
"@product": "WRC-1167FEBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167febk-s",
"@product": "WRC-1167FEBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
"@product": "WRC-1167GEBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
"@product": "WRC-1167GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
"@product": "WRC-1167GHBK3-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
"@product": "WRH-300WH-H firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wtc-300hwh",
"@product": "WTC-300HWH",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wtc-c1167gc-b",
"@product": "WTC-C1167GC-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wtc-c1167gc-w",
"@product": "WTC-C1167GC-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000071",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN05223215/index.html",
"@id": "JVN#05223215",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37560",
"@id": "CVE-2023-37560",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37561",
"@id": "CVE-2023-37561",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37562",
"@id": "CVE-2023-37562",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37563",
"@id": "CVE-2023-37563",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37564",
"@id": "CVE-2023-37564",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37565",
"@id": "CVE-2023-37565",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560",
"@id": "CVE-2023-37560",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37561",
"@id": "CVE-2023-37561",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37562",
"@id": "CVE-2023-37562",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37563",
"@id": "CVE-2023-37563",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37564",
"@id": "CVE-2023-37564",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37565",
"@id": "CVE-2023-37565",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters"
}