CVE-2023-37561
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.9%
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| elecom | wrh\-300wh\-h | 2.12 | cpe:2.3:h:elecom:wrh\-300wh\-h:2.12:*:*:*:*:*:*:* |
| elecom | wtc\-300hwh | 1.09 | cpe:2.3:h:elecom:wtc\-300hwh:1.09:*:*:*:*:*:*:* |
| elecom | wtc\-c1167gc\-b | 1.17 | cpe:2.3:h:elecom:wtc\-c1167gc\-b:1.17:*:*:*:*:*:*:* |
| elecom | wtc\-c1167gc\-w | 1.17 | cpe:2.3:h:elecom:wtc\-c1167gc\-w:1.17:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "ELECOM CO.,LTD.",
"product": "WRH-300WH-H",
"versions": [
{
"version": "v2.12 and earlier",
"status": "affected"
}
]
},
{
"vendor": "ELECOM CO.,LTD.",
"product": "WTC-300HWH",
"versions": [
{
"version": "v1.09 and earlier",
"status": "affected"
}
]
},
{
"vendor": "ELECOM CO.,LTD.",
"product": "WTC-C1167GC-B",
"versions": [
{
"version": "v1.17 and earlier",
"status": "affected"
}
]
},
{
"vendor": "ELECOM CO.,LTD.",
"product": "WTC-C1167GC-W",
"versions": [
{
"version": "v1.17 and earlier",
"status": "affected"
}
]
}
]Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.9%