Lucene search

[email protected]CVE-2023-32626

HistoryAug 18, 2023 - 10:15 a.m.

CVE-2023-32626

2023-08-1810:15:09

[email protected]

web.nvd.nist.gov

cve

2023

32626

lan-w300n

pr5

vulnerability

unauthenticated attacker

arbitrary os commands

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.4%

JSON

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product’s certain management console and execute arbitrary OS commands.

Affected configurations

NVD

Node

elecomlan-w300n\/rs_firmware

AND

elecomlan-w300n\/rsMatch-

Node

elecomlan-w300n\/pr5_firmware

AND

elecomlan-w300n\/pr5Match-

CPENameOperatorVersion
elecom:lan-w300n\/rs_firmwareelecom lan-w300n/rs firmwareeq*

CPE	Name	Operator	Version
elecom:lan-w300n\/rs_firmware	elecom lan-w300n/rs firmware	eq	*

CNA Affected

[
  {
    "vendor": "LOGITEC CORPORATION",
    "product": "LAN-W300N/RS",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LOGITEC CORPORATION",
    "product": "LAN-W300N/PR5",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91630351/

www.elecom.co.jp/news/security/20230810-01/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for CVE-2023-32626

nvd1 prion1 cvelist1