Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WRH-300WH-H firmware by ELECOM CO.,LTD.

    JVNDB-2023-006588

    Vulnerability from jvndb - Published: 2023-11-15 18:27 - Updated:2024-04-26 15:22
    Severity
    Summary
    Multiple vulnerabilities in ELECOM and LOGITEC routers
    Details
    Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2023-43752 * Inadequate Encryption Strength (CWE-326) - CVE-2023-43757 CVE-2023-43752 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2023-43757 Katsuhiko Sato(a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006588.html",
      "dc:date": "2024-04-26T15:22+09:00",
      "dcterms:issued": "2023-11-15T18:27+09:00",
      "dcterms:modified": "2024-04-26T15:22+09:00",
      "description": "Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n  * OS Command Injection (CWE-78) - CVE-2023-43752\r\n  * Inadequate Encryption Strength (CWE-326) - CVE-2023-43757\r\n\r\nCVE-2023-43752\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-43757\r\nKatsuhiko Sato(a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006588.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk2_firmware",
          "@product": "WRC-1167GHBK2 firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk_firmware",
          "@product": "WRC-1167GHBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750ghbk-e_firmware",
          "@product": "WRC-1750GHBK-E firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750ghbk2-i_firmware",
          "@product": "WRC-1750GHBK2-I firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1750ghbk_firmware",
          "@product": "WRC-1750GHBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533ghbk-i_firmware",
          "@product": "WRC-2533GHBK-I firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-2533ghbk2-t_firmware",
          "@product": "WRC-2533GHBK2-T firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk_firmware",
          "@product": "WRC-300FEBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300ghbk2-i_firmware",
          "@product": "WRC-300GHBK2-I firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300ghbk_firmware",
          "@product": "WRC-300GHBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733febk_firmware",
          "@product": "WRC-733FEBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733ghbk-c_firmware",
          "@product": "WRC-733GHBK-C firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733ghbk-i_firmware",
          "@product": "WRC-733GHBK-I firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-733ghbk_firmware",
          "@product": "WRC-733GHBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f1167acf_firmware",
          "@product": "WRC-F1167ACF firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f300nf_firmware",
          "@product": "WRC-F300NF firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware",
          "@product": "WRC-X3000GS2-B firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware",
          "@product": "WRC-X3000GS2-W firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware",
          "@product": "WRC-X3000GS2A-B firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-150bk_firmware",
          "@product": "WRH-150BK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-150wh_firmware",
          "@product": "WRH-150WH firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300bk-s_firmware",
          "@product": "WRH-300BK-S firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300bk2-s_firmware",
          "@product": "WRH-300BK2-S firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300bk_firmware",
          "@product": "WRH-300BK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300rd_firmware",
          "@product": "WRH-300RD firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300sv_firmware",
          "@product": "WRH-300SV firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
          "@product": "WRH-300WH-H firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh-s_firmware",
          "@product": "WRH-300WH-S firmwware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh2-s_firmware",
          "@product": "WRH-300WH2-S firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh_firmware",
          "@product": "WRH-300WH firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-h300bk_firmware",
          "@product": "WRH-H300BK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-h300wh_firmware",
          "@product": "WRH-H300WH firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w300n%2fp_firmware",
          "@product": "LAN-W300N/P firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware",
          "@product": "LAN-W300N/RS firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-w301nr_firmware",
          "@product": "LAN-W301NR firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh300n%2fdgp_firmware",
          "@product": "LAN-WH300N/DGP firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:logitec:lan-wh300ndgpe_firmware",
          "@product": "LAN-WH300NDGPE firmware",
          "@vendor": "Logitec Corp.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2023-006588",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU94119876/index.html",
          "@id": "JVNVU#94119876",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-43752",
          "@id": "CVE-2023-43752",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-43757",
          "@id": "CVE-2023-43757",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43752",
          "@id": "CVE-2023-43752",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43757",
          "@id": "CVE-2023-43757",
          "@source": "NVD"
        },
        {
          "#text": "https://cwe.mitre.org/data/definitions/326.html",
          "@id": "CWE-326",
          "@title": "Inadequate Encryption Strength(CWE-326)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Multiple vulnerabilities in ELECOM and LOGITEC routers"
    }

    JVNDB-2023-000071

    Vulnerability from jvndb - Published: 2023-07-11 15:37 - Updated:2024-03-29 15:28
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
    Details
    Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2023-37560 * Open Redirect (CWE-601) - CVE-2023-37561 * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562 * Information disclosure (CWE-200) - CVE-2023-37563 * OS Command Injection (CWE-78) - CVE-2023-37564 * Code Injection (CWE-94) - CVE-2023-37565 CVE-2023-37560 Yamaguchi Kakeru reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37561, CVE-2023-37562 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37563 Shu Yoshikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer. CVE-2023-37564 Shu Yoshikoshi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2023-37565 MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
      "dc:date": "2024-03-29T15:28+09:00",
      "dcterms:issued": "2023-07-11T15:37+09:00",
      "dcterms:modified": "2024-03-29T15:28+09:00",
      "description": "Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n  * Cross-site Scripting (CWE-79) - CVE-2023-37560\r\n  * Open Redirect (CWE-601) - CVE-2023-37561\r\n  * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562\r\n  * Information disclosure (CWE-200) - CVE-2023-37563\r\n  * OS Command Injection (CWE-78) - CVE-2023-37564\r\n  * Code Injection (CWE-94) - CVE-2023-37565\r\n\r\nCVE-2023-37560\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37561, CVE-2023-37562\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37563\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-37564\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37565\r\nMASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
          "@product": "WRC-1167FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167febk-s",
          "@product": "WRC-1167FEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
          "@product": "WRC-1167GEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
          "@product": "WRC-1167GHBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
          "@product": "WRC-1167GHBK3-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
          "@product": "WRH-300WH-H firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-300hwh",
          "@product": "WTC-300HWH",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-c1167gc-b",
          "@product": "WTC-C1167GC-B",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wtc-c1167gc-w",
          "@product": "WTC-C1167GC-W",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "7.7",
          "@severity": "High",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "@version": "2.0"
        },
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000071",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN05223215/index.html",
          "@id": "JVN#05223215",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37560",
          "@id": "CVE-2023-37560",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37561",
          "@id": "CVE-2023-37561",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37562",
          "@id": "CVE-2023-37562",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37563",
          "@id": "CVE-2023-37563",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37564",
          "@id": "CVE-2023-37564",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37565",
          "@id": "CVE-2023-37565",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560",
          "@id": "CVE-2023-37560",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37561",
          "@id": "CVE-2023-37561",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37562",
          "@id": "CVE-2023-37562",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37563",
          "@id": "CVE-2023-37563",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37564",
          "@id": "CVE-2023-37564",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37565",
          "@id": "CVE-2023-37565",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-200",
          "@title": "Information Exposure(CWE-200)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-94",
          "@title": "Code Injection(CWE-94)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters"
    }