Search

Find a vulnerability

Search criteria

    13 vulnerabilities found for WRC-1467GHBK-A by ELECOM CO.,LTD.

    CVE-2023-39455 (GCVE-0-2023-39455)

    Vulnerability from nvd – Published: 2023-08-18 09:42 – Updated: 2024-08-02 18:10
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    CWE
    • OS command injection
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91630351/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:42:19.491Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91630351/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39455",
        "datePublished": "2023-08-18T09:42:19.491Z",
        "dateReserved": "2023-08-09T11:55:00.303Z",
        "dateUpdated": "2024-08-02T18:10:20.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37563 (GCVE-0-2023-37563)

    Vulnerability from nvd – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
    VLAI
    Summary
    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:06:38.318539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:07:10.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:31:52.811Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37563",
        "datePublished": "2023-07-13T02:59:04.187Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T18:07:10.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37567 (GCVE-0-2023-37567)

    Vulnerability from nvd – Published: 2023-07-13 01:46 – Updated: 2024-11-06 14:28
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:23:25.188680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:28:41.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:35:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37567",
        "datePublished": "2023-07-13T01:46:47.274Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T14:28:41.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37566 (GCVE-0-2023-37566)

    Vulnerability from nvd – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:31.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:15:05.526570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:19:31.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:34:09.134Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37566",
        "datePublished": "2023-07-13T01:44:48.791Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T18:19:31.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20644 (GCVE-0-2021-20644)

    Vulnerability from nvd – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.
    Severity
    No CVSS data available.
    CWE
    • Script injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: WRC-1467GHBK-A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-1467GHBK-A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user\u0027s web browser by displaying a specially crafted SSID on the web setup page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:47.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20644",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-1467GHBK-A",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-1467GHBK-A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user\u0027s web browser by displaying a specially crafted SSID on the web setup page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20644",
        "datePublished": "2021-02-12T06:15:47.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-39455 (GCVE-0-2023-39455)

    Vulnerability from cvelistv5 – Published: 2023-08-18 09:42 – Updated: 2024-08-02 18:10
    VLAI
    Summary
    OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    CWE
    • OS command injection
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.649Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91630351/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS command injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:42:19.491Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91630351/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-39455",
        "datePublished": "2023-08-18T09:42:19.491Z",
        "dateReserved": "2023-08-09T11:55:00.303Z",
        "dateUpdated": "2024-08-02T18:10:20.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37563 (GCVE-0-2023-37563)

    Vulnerability from cvelistv5 – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
    VLAI
    Summary
    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information disclosure
    • CWE-922 - Insecure Storage of Sensitive Information
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN05223215/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37563",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:06:38.318539Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-922",
                    "description": "CWE-922 Insecure Storage of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:07:10.705Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.03 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.04 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:31:52.811Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN05223215/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37563",
        "datePublished": "2023-07-13T02:59:04.187Z",
        "dateReserved": "2023-07-07T08:46:11.998Z",
        "dateUpdated": "2024-11-06T18:07:10.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37567 (GCVE-0-2023-37567)

    Vulnerability from cvelistv5 – Published: 2023-07-13 01:46 – Updated: 2024-11-06 14:28
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:30.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T14:23:25.188680Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T14:28:41.455Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:35:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37567",
        "datePublished": "2023-07-13T01:46:47.274Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T14:28:41.455Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-37566 (GCVE-0-2023-37566)

    Vulnerability from cvelistv5 – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
    VLAI
    Summary
    Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Arbitrary command execution
    Assigner
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1167GHBK3-A Affected: v1.24 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1167FEBK-A Affected: v1.18 and earlier
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-F1167ACF2 Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-600GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-733FEBK2-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: all versions
    Create a notification for this product.
    ELECOM CO.,LTD. WRC-1900GHBK-A Affected: all versions
    Create a notification for this product.
    LOGITEC CORPORATION LAN-W301NR Affected: all versions
    Create a notification for this product.
    elecom wrc-1167ghbk3-a Affected: 0 , ≤ 1.24 (custom)
        cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1167febk-a Affected: 0 , ≤ 1.18 (custom)
        cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-f1167acf2 Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-600ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-733febk2-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1467ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom wrc-1900ghbk-a Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*
    Create a notification for this product.
    elecom lan-w301nr Affected: 0 , < * (custom)
        cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:16:31.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230810-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20230711-01/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU91850798/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167ghbk3-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.24",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1167febk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThanOrEqual": "1.18",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-f1167acf2",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-600ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-733febk2-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1467ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "wrc-1900ghbk-a",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "lan-w301nr",
                "vendor": "elecom",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-37566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T18:15:05.526570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T18:19:31.073Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1167GHBK3-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.24 and earlier "
                }
              ]
            },
            {
              "product": "WRC-1167FEBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "v1.18 and earlier "
                }
              ]
            },
            {
              "product": "WRC-F1167ACF2",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-600GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-733FEBK2-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "WRC-1900GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions "
                }
              ]
            },
            {
              "product": "LAN-W301NR",
              "vendor": "LOGITEC CORPORATION",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Arbitrary command execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-18T09:34:09.134Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            },
            {
              "url": "https://www.elecom.co.jp/news/security/20230711-01/"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU91850798/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2023-37566",
        "datePublished": "2023-07-13T01:44:48.791Z",
        "dateReserved": "2023-07-07T08:46:11.999Z",
        "dateUpdated": "2024-11-06T18:19:31.073Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20644 (GCVE-0-2021-20644)

    Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.
    Severity
    No CVSS data available.
    CWE
    • Script injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-1467GHBK-A Affected: WRC-1467GHBK-A
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.343Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-1467GHBK-A",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-1467GHBK-A"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user\u0027s web browser by displaying a specially crafted SSID on the web setup page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Script injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:47.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20644",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-1467GHBK-A",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-1467GHBK-A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user\u0027s web browser by displaying a specially crafted SSID on the web setup page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Script injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20644",
        "datePublished": "2021-02-12T06:15:47.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2023-002797

    Vulnerability from jvndb - Published: 2023-08-15 11:54 - Updated:2026-05-15 19:42
    Severity
    Summary
    Multiple vulnerabilities in ELECOM and LOGITEC network devices
    Details
    Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 * Telnet service access restriction failure (CWE-284) - CVE-2023-38132 * Hidden Functionality (CWE-912) - CVE-2023-38576 * Buffer overflow (CWE-120) - CVE-2023-39454 * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072 * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
      "dc:date": "2026-05-15T19:42+09:00",
      "dcterms:issued": "2023-08-15T11:54+09:00",
      "dcterms:modified": "2026-05-15T19:42+09:00",
      "description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n  * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n  * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n  * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n  * Buffer overflow (CWE-120) - CVE-2023-39454\r\n  * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n  * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:elecom:wab-i1750-ps",
          "@product": "WAB-I1750-PS",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:elecom:wab-s1167-ps",
          "@product": "WAB-S1167-PS",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-m1775-ps",
          "@product": "WAB-M1775-PS",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-m2133",
          "@product": "WAB-M2133",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s1167",
          "@product": "WAB-S1167",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s1775",
          "@product": "WAB-S1775",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s300_firmware",
          "@product": "WAB-S300",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wab-s600-ps_firmware",
          "@product": "WAB-S600-PS",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-2lx-b",
          "@product": "WMC-2LX-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-2lx2-b",
          "@product": "WMC-2LX2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst-b",
          "@product": "WMC-X1800GST-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wmc-x1800gst2-b",
          "@product": "WMC-X1800GST2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk2",
          "@product": "WRC-1167GHBK2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
          "@product": "WRC-1467GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware",
          "@product": "WRC-1467GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750ghbk",
          "@product": "WRC-1750GHBK",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750ghbk-e",
          "@product": "WRC-1750GHBK-E",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750ghbk2-i",
          "@product": "WRC-1750GHBK2-I",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
          "@product": "WRC-1900GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware",
          "@product": "WRC-1900GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
          "@product": "WRC-600GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
          "@product": "WRC-733FEBK2-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f1167acf",
          "@product": "WRC-F1167ACF",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
          "@product": "WRC-F1167ACF2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
          "@product": "WRC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
          "@product": "WRC-X1800GSA-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
          "@product": "WRC-X1800GSH-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs3-b",
          "@product": "WRC-X3000GS3-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs3a-b",
          "@product": "WRC-X3000GS3A-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qs-g",
          "@product": "WRC-X6000QS-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
          "@product": "WRC-X6000QSA-G",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wsc-x1800gs-b",
          "@product": "WSC-X1800GS-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wsc-x1800gs2-b",
          "@product": "WSC-X1800GS2-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware",
          "@product": "LAN-W300N/DR",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware",
          "@product": "LAN-W300N/PR5",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w451ngr_firmware",
          "@product": "LAN-W451NGR",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware",
          "@product": "LAN-WH300AN/DGP",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh300andgpe_firmware",
          "@product": "LAN-WH300ANDGPE",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware",
          "@product": "LAN-WH300N/DR",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware",
          "@product": "LAN-WH300N/RE",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware",
          "@product": "LAN-WH450N/GP",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-002797",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html",
          "@id": "JVNVU#91630351",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626",
          "@id": "CVE-2023-32626",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991",
          "@id": "CVE-2023-35991",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132",
          "@id": "CVE-2023-38132",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576",
          "@id": "CVE-2023-38576",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445",
          "@id": "CVE-2023-39445",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454",
          "@id": "CVE-2023-39454",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455",
          "@id": "CVE-2023-39455",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944",
          "@id": "CVE-2023-39944",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069",
          "@id": "CVE-2023-40069",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072",
          "@id": "CVE-2023-40072",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626",
          "@id": "CVE-2023-32626",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991",
          "@id": "CVE-2023-35991",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132",
          "@id": "CVE-2023-38132",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576",
          "@id": "CVE-2023-38576",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445",
          "@id": "CVE-2023-39445",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454",
          "@id": "CVE-2023-39454",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455",
          "@id": "CVE-2023-39455",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944",
          "@id": "CVE-2023-39944",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069",
          "@id": "CVE-2023-40069",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40072",
          "@id": "CVE-2023-40072",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/120.html",
          "@id": "CWE-120",
          "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/284.html",
          "@id": "CWE-284",
          "@title": "Improper Access Control(CWE-284)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/912.html",
          "@id": "CWE-912",
          "@title": "Hidden Functionality(CWE-912)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices"
    }

    JVNDB-2023-002413

    Vulnerability from jvndb - Published: 2023-07-12 16:15 - Updated:2024-04-22 16:18
    Severity
    Summary
    Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers
    Details
    Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568 * Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html",
      "dc:date": "2024-04-22T16:18+09:00",
      "dcterms:issued": "2023-07-12T16:15+09:00",
      "dcterms:modified": "2024-04-22T16:18+09:00",
      "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568\r\n * Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
          "@product": "WRC-1167FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
          "@product": "WRC-1167GEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
          "@product": "WRC-1167GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
          "@product": "WRC-1167GHBK3-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
          "@product": "WRC-1467GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
          "@product": "WRC-1900GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
          "@product": "WRC-600GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
          "@product": "WRC-733FEBK2-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
          "@product": "WRC-F1167ACF2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w301nr_firmware",
          "@product": "LAN-W301NR firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "9.8",
          "@severity": "Critical",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-002413",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/vu/JVNVU91850798/",
          "@id": "JVNVU#91850798",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37566",
          "@id": "CVE-2023-37566",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37567",
          "@id": "CVE-2023-37567",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37568",
          "@id": "CVE-2023-37568",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37566",
          "@id": "CVE-2023-37566",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37567",
          "@id": "CVE-2023-37567",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37568",
          "@id": "CVE-2023-37568",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/77.html",
          "@id": "CWE-77",
          "@title": "Command Injection(CWE-77)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers"
    }

    JVNDB-2021-000008

    Vulnerability from jvndb - Published: 2021-01-26 16:33 - Updated:2021-01-26 16:33
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM products
    Details
    Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. *Improper Access Control (CWE-284) - CVE-2021-20643 *Script injection in web setup page (CWE-74) - CVE-2021-20644 *Stored cross-site scripting (CWE-79) - CVE-2021-20645 *Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 *OS command injection (CWE-78) - CVE-2021-20648 *Improper server certificate verification (CWE-295) - CVE-2021-20649 *OS command injection via UPnP (CWE-78) - CVE-2014-8361 CVE-2021-20643 NAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20644 Ryo Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20645, CVE-2021-20646 Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20650 Yutaka WATANABE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Satoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.
    References
    JVN https://jvn.jp/en/jp/JVN47580234/index.html
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361
    NVD https://nvd.nist.gov/vuln/detail/CVE-2014-8361
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20643
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20644
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20645
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20646
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20647
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20648
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20649
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20650
    Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html",
      "dc:date": "2021-01-26T16:33+09:00",
      "dcterms:issued": "2021-01-26T16:33+09:00",
      "dcterms:modified": "2021-01-26T16:33+09:00",
      "description": "Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n*Improper Access Control (CWE-284) - CVE-2021-20643\r\n*Script injection in web setup page (CWE-74) - CVE-2021-20644\r\n*Stored cross-site scripting (CWE-79) - CVE-2021-20645\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650\r\n*OS command injection (CWE-78) - CVE-2021-20648\r\n*Improper server certificate verification (CWE-295) - CVE-2021-20649\r\n*OS command injection via UPnP (CWE-78) - CVE-2014-8361\r\n\r\nCVE-2021-20643\r\nNAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20644\r\nRyo Sato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20645, CVE-2021-20646\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20647, CVE-2021-20648, CVE-2021-20649\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20650\r\nYutaka WATANABE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:ld-ps%2fu1_firmware",
          "@product": "LD-PS/U1",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:ncc-ewf100rmwh2_firmware",
          "@product": "NCC-EWF100RMWH2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
          "@product": "WRC-1467GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk-a_firmware",
          "@product": "WRC-300FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk-s_firmware",
          "@product": "WRC-300FEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk_firmware",
          "@product": "WRC-300FEBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f300nf_firmware",
          "@product": "WRC-F300NF firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000008",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN47580234/index.html",
          "@id": "JVN#47580234",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643",
          "@id": "CVE-2021-20643",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644",
          "@id": "CVE-2021-20644",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645",
          "@id": "CVE-2021-20645",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646",
          "@id": "CVE-2021-20646",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647",
          "@id": "CVE-2021-20647",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648",
          "@id": "CVE-2021-20648",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649",
          "@id": "CVE-2021-20649",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650",
          "@id": "CVE-2021-20650",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361",
          "@id": "CVE-2014-8361",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361",
          "@id": "CVE-2014-8361",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20643",
          "@id": "CVE-2021-20643",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20644",
          "@id": "CVE-2021-20644",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20645",
          "@id": "CVE-2021-20645",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20646",
          "@id": "CVE-2021-20646",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20647",
          "@id": "CVE-2021-20647",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20648",
          "@id": "CVE-2021-20648",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20649",
          "@id": "CVE-2021-20649",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20650",
          "@id": "CVE-2021-20650",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM products"
    }