Search
Find a vulnerability
Search criteria
8 vulnerabilities found for wrc-1167febk-a_firmware by elecom
CVE-2023-37565 (GCVE-0-2023-37565)
Vulnerability from nvd – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
VLAI
Summary
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Code injection
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GEBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-S |
Affected:
v1.04 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| elecom | wrc-1167gebk-s |
Affected:
0 , < 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-s |
Affected:
0 , < 1.04
(custom)
cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167ghbk-s |
Affected:
0 , < 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , < 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , < 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:43:07.183541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:48:22.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:04:25.910Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37565",
"datePublished": "2023-07-13T03:04:25.910Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-07T14:48:22.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37564 (GCVE-0-2023-37564)
Vulnerability from nvd – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GEBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-S |
Affected:
v1.04 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| elecom | wrc-1167ghbk-s |
Affected:
0 , ≤ 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gebk-s |
Affected:
0 , ≤ 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-s |
Affected:
0 , ≤ 1.04
(custom)
cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , ≤ 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:21:27.301662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:24:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:01:41.200Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37564",
"datePublished": "2023-07-13T03:01:41.200Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T15:24:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37563 (GCVE-0-2023-37563)
Vulnerability from nvd – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
VLAI
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GEBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-S |
Affected:
v1.04 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-F1167ACF2 |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-600GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-733FEBK2-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-S |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-S |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:06:38.318539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:07:10.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier "
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:31:52.811Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37563",
"datePublished": "2023-07-13T02:59:04.187Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T18:07:10.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37566 (GCVE-0-2023-37566)
Vulnerability from nvd – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
VLAI
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Arbitrary command execution
Assigner
References
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-F1167ACF2 |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-600GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-733FEBK2-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-A |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-W301NR |
Affected:
all versions
|
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , ≤ 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-f1167acf2 |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:* |
|
| elecom | wrc-600ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-733febk2-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1467ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1900ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | lan-w301nr |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:31.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-f1167acf2",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-600ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-733febk2-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1467ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1900ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w301nr",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:15:05.526570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:19:31.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "LAN-W301NR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:34:09.134Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37566",
"datePublished": "2023-07-13T01:44:48.791Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-06T18:19:31.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37565 (GCVE-0-2023-37565)
Vulnerability from cvelistv5 – Published: 2023-07-13 03:04 – Updated: 2024-11-07 14:48
VLAI
Summary
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Code injection
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GEBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-S |
Affected:
v1.04 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| elecom | wrc-1167gebk-s |
Affected:
0 , < 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-s |
Affected:
0 , < 1.04
(custom)
cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167ghbk-s |
Affected:
0 , < 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , < 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , < 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T14:43:07.183541Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T14:48:22.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:04:25.910Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37565",
"datePublished": "2023-07-13T03:04:25.910Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-07T14:48:22.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37564 (GCVE-0-2023-37564)
Vulnerability from cvelistv5 – Published: 2023-07-13 03:01 – Updated: 2024-11-06 15:24
VLAI
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- OS command injection
Assigner
References
2 references
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GEBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-S |
Affected:
v1.04 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| elecom | wrc-1167ghbk-s |
Affected:
0 , ≤ 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167gebk-s |
Affected:
0 , ≤ 1.03
(custom)
cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-s |
Affected:
0 , ≤ 1.04
(custom)
cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , ≤ 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167gebk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-s",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T15:21:27.301662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T15:24:49.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier"
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier"
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T03:01:41.200Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37564",
"datePublished": "2023-07-13T03:01:41.200Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T15:24:49.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37563 (GCVE-0-2023-37563)
Vulnerability from cvelistv5 – Published: 2023-07-13 02:59 – Updated: 2024-11-06 18:07
VLAI
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Information disclosure
- CWE-922 - Insecure Storage of Sensitive Information
Assigner
References
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GEBK-S |
Affected:
v1.03 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-S |
Affected:
v1.04 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-F1167ACF2 |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-600GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-733FEBK2-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-S |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-S |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37563",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:06:38.318539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:07:10.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167GEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.03 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.04 and earlier "
}
]
},
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-S",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:31:52.811Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37563",
"datePublished": "2023-07-13T02:59:04.187Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-11-06T18:07:10.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37566 (GCVE-0-2023-37566)
Vulnerability from cvelistv5 – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
VLAI
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Arbitrary command execution
Assigner
References
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-F1167ACF2 |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-600GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-733FEBK2-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-A |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-W301NR |
Affected:
all versions
|
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , ≤ 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-f1167acf2 |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:* |
|
| elecom | wrc-600ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-733febk2-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1467ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1900ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | lan-w301nr |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:31.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-f1167acf2",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-600ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-733febk2-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1467ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1900ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w301nr",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:15:05.526570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:19:31.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "LAN-W301NR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:34:09.134Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37566",
"datePublished": "2023-07-13T01:44:48.791Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-06T18:19:31.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}