Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for WRC-1167GHBK3-A by ELECOM CO.,LTD.

    CVE-2023-37565 (GCVE-0-2023-37565)

    Vulnerability from nvd – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
    VLAI
    Summary
    Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , < 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , < 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , < 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T14:43:07.183541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T14:48:22.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:04:25.910Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37565",
        "datePublished": "2023-07-13T03:04:25.910Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-07T14:48:22.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37564 (GCVE-0-2023-37564)

    Vulnerability from nvd – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , ≤ 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:21:27.301662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:24:49.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:01:41.200Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37564",
        "datePublished": "2023-07-13T03:01:41.200Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T15:24:49.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37563 (GCVE-0-2023-37563)

    Vulnerability from nvd – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
    VLAI
    Summary
    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:06:38.318539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:07:10.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:31:52.811Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37563",
        "datePublished": "2023-07-13T02:59:04.187Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T18:07:10.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37567 (GCVE-0-2023-37567)

    Vulnerability from nvd – Published: 2023-07-13 01:46 – Updated: 2024-11-06 14:28
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:23:25.188680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:28:41.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:35:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37567",
        "datePublished": "2023-07-13T01:46:47.274Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T14:28:41.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37566 (GCVE-0-2023-37566)

    Vulnerability from nvd – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:31.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:15:05.526570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:19:31.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:34:09.134Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37566",
        "datePublished": "2023-07-13T01:44:48.791Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T18:19:31.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37565 (GCVE-0-2023-37565)

    Vulnerability from cvelistv5 – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
    VLAI
    Summary
    Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Code injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , < 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , < 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , < 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , < 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37565",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T14:43:07.183541Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T14:48:22.907Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:04:25.910Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37565",
        "datePublished": "2023-07-13T03:04:25.910Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-07T14:48:22.907Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37564 (GCVE-0-2023-37564)

    Vulnerability from cvelistv5 – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • OS command injection
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GEBK-S Affected: v1.03 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-S Affected: v1.04 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    elecom wrc-1167ghbk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167gebk-s Affected: 0 , ≤ 1.03 (custom)
        cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-s Affected: 0 , ≤ 1.04 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.810Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167gebk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.03",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-s",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.04",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37564",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:21:27.301662Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T15:24:49.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier"
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-07-13T03:01:41.200Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37564",
        "datePublished": "2023-07-13T03:01:41.200Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T15:24:49.122Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37563 (GCVE-0-2023-37563)

    Vulnerability from cvelistv5 – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
    VLAI
    Summary
    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:06:38.318539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:07:10.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:31:52.811Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37563",
        "datePublished": "2023-07-13T02:59:04.187Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T18:07:10.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37567 (GCVE-0-2023-37567)

    Vulnerability from cvelistv5 – Published: 2023-07-13 01:46 – Updated: 2024-11-06 14:28
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:23:25.188680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:28:41.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:35:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37567",
        "datePublished": "2023-07-13T01:46:47.274Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T14:28:41.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37566 (GCVE-0-2023-37566)

    Vulnerability from cvelistv5 – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:31.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:15:05.526570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:19:31.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:34:09.134Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37566",
        "datePublished": "2023-07-13T01:44:48.791Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T18:19:31.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2023-002413

    Vulnerability from jvndb - Published: 2023-07-12 16:15 - Updated:2024-04-22 16:18
    Severity
    Summary
    Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers
    Details
    Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568 * Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html",
      "dc:date": "2024-04-22T16:18+09:00",
      "dcterms:issued": "2023-07-12T16:15+09:00",
      "dcterms:modified": "2024-04-22T16:18+09:00",
      "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568\r\n * Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
          "@product": "WRC-1167FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
          "@product": "WRC-1167GEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
          "@product": "WRC-1167GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
          "@product": "WRC-1167GHBK3-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
          "@product": "WRC-1467GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
          "@product": "WRC-1900GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
          "@product": "WRC-600GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
          "@product": "WRC-733FEBK2-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
          "@product": "WRC-F1167ACF2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w301nr_firmware",
          "@product": "LAN-W301NR firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-002413",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU91850798/",
          "@id": "JVNVU#91850798",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37566",
          "@id": "CVE-2023-37566",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37567",
          "@id": "CVE-2023-37567",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37568",
          "@id": "CVE-2023-37568",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37566",
          "@id": "CVE-2023-37566",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37567",
          "@id": "CVE-2023-37567",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37568",
          "@id": "CVE-2023-37568",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/77.html",
          "@id": "CWE-77",
          "@title": "Command Injection(CWE-77)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers"
    }

    JVNDB-2023-000071

    Vulnerability from jvndb - Published: 2023-07-11 15:37 - Updated:2024-03-29 15:28
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
    Details
    Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2023-37560 * Open Redirect (CWE-601) - CVE-2023-37561 * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562 * Information disclosure (CWE-200) - CVE-2023-37563 * OS Command Injection (CWE-78) - CVE-2023-37564 * Code Injection (CWE-94) - CVE-2023-37565 CVE-2023-37560 Yamaguchi Kakeru reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37561, CVE-2023-37562 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37563 Shu Yoshikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer. CVE-2023-37564 Shu Yoshikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37565 MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
      "dc:date": "2024-03-29T15:28+09:00",
      "dcterms:issued": "2023-07-11T15:37+09:00",
      "dcterms:modified": "2024-03-29T15:28+09:00",
      "description": "Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n  * Cross-site Scripting (CWE-79) - CVE-2023-37560\r\n  * Open Redirect (CWE-601) - CVE-2023-37561\r\n  * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562\r\n  * Information disclosure (CWE-200) - CVE-2023-37563\r\n  * OS Command Injection (CWE-78) - CVE-2023-37564\r\n  * Code Injection (CWE-94) - CVE-2023-37565\r\n\r\nCVE-2023-37560\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37561, CVE-2023-37562\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37563\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-37564\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37565\r\nMASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
          "@product": "WRC-1167FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-s",
          "@product": "WRC-1167FEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
          "@product": "WRC-1167GEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
          "@product": "WRC-1167GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
          "@product": "WRC-1167GHBK3-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
          "@product": "WRH-300WH-H firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-300hwh",
          "@product": "WTC-300HWH",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-c1167gc-b",
          "@product": "WTC-C1167GC-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-c1167gc-w",
          "@product": "WTC-C1167GC-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.7",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000071",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN05223215/index.html",
          "@id": "JVN#05223215",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37560",
          "@id": "CVE-2023-37560",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37561",
          "@id": "CVE-2023-37561",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37562",
          "@id": "CVE-2023-37562",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37563",
          "@id": "CVE-2023-37563",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37564",
          "@id": "CVE-2023-37564",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37565",
          "@id": "CVE-2023-37565",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560",
          "@id": "CVE-2023-37560",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37561",
          "@id": "CVE-2023-37561",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37562",
          "@id": "CVE-2023-37562",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37563",
          "@id": "CVE-2023-37563",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37564",
          "@id": "CVE-2023-37564",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37565",
          "@id": "CVE-2023-37565",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters"
    }