Lucene search

JpcertCVE-2023-28392

HistoryMay 23, 2023 - 2:15 a.m.

CVE-2023-28392

2023-05-2302:15:10

CWE-78

jpcert

web.nvd.nist.gov

cve-2023-28392

wi-fi

ap unit

security

os command

vulnerability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow an authenticated user with an administrative privilege to execute an arbitrary OS command.

Affected configurations

Nvd

Vulners

Node

inabaac-wapu-300_firmwareRange≤1.00_b07

AND

inabaac-wapu-300Match-

Node

inabaac-wapu-300-p_firmwareRange≤1.00_b08p

AND

inabaac-wapu-300-pMatch-

Node

inabaac-wapum-300_firmwareRange≤1.00_b07

AND

inabaac-wapum-300Match-

Node

inabaac-wapum-300-p_firmwareRange≤1.00_b08p

AND

inabaac-wapum-300-pMatch-

VendorProductVersionCPE
inabaac-wapu-300_firmware*cpe:2.3:o:inaba:ac-wapu-300_firmware:*:*:*:*:*:*:*:*
inabaac-wapu-300-cpe:2.3:h:inaba:ac-wapu-300:-:*:*:*:*:*:*:*
inabaac-wapu-300-p_firmware*cpe:2.3:o:inaba:ac-wapu-300-p_firmware:*:*:*:*:*:*:*:*
inabaac-wapu-300-p-cpe:2.3:h:inaba:ac-wapu-300-p:-:*:*:*:*:*:*:*
inabaac-wapum-300_firmware*cpe:2.3:o:inaba:ac-wapum-300_firmware:*:*:*:*:*:*:*:*
inabaac-wapum-300-cpe:2.3:h:inaba:ac-wapum-300:-:*:*:*:*:*:*:*
inabaac-wapum-300-p_firmware*cpe:2.3:o:inaba:ac-wapum-300-p_firmware:*:*:*:*:*:*:*:*
inabaac-wapum-300-p-cpe:2.3:h:inaba:ac-wapum-300-p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
inaba	ac-wapu-300_firmware	*	cpe:2.3:o:inaba:ac-wapu-300_firmware::::::::
inaba	ac-wapu-300	-	cpe:2.3:h:inaba:ac-wapu-300:-:::::::*
inaba	ac-wapu-300-p_firmware	*	cpe:2.3:o:inaba:ac-wapu-300-p_firmware::::::::
inaba	ac-wapu-300-p	-	cpe:2.3:h:inaba:ac-wapu-300-p:-:::::::*
inaba	ac-wapum-300_firmware	*	cpe:2.3:o:inaba:ac-wapum-300_firmware::::::::
inaba	ac-wapum-300	-	cpe:2.3:h:inaba:ac-wapum-300:-:::::::*
inaba	ac-wapum-300-p_firmware	*	cpe:2.3:o:inaba:ac-wapum-300-p_firmware::::::::
inaba	ac-wapum-300-p	-	cpe:2.3:h:inaba:ac-wapum-300-p:-:::::::*

CNA Affected

[
  {
    "vendor": "Inaba Denki Sangyo Co., Ltd.",
    "product": "Wi-Fi AP UNIT",
    "versions": [
      {
        "version": "AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN28412757/

jvn.jp/en/vu/JVNVU98968780/

www.inaba.co.jp/abaniact/news/Wi-Fi%20AP%20UNIT%E3%80%8CAC-WAPU-300%E3%80%8D%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8BOS%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%82%A4%E3%83%B3%E3%82%B8%E3%82%A7%E3%82%AF%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

Related for CVE-2023-28392