Lucene search

[email protected]CVE-2023-37564

HistoryJul 13, 2023 - 4:15 a.m.

CVE-2023-37564

2023-07-1304:15:10

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-37564

elecom

wireless lan routers

os command injection

vulnerability

network-adjacent attacker

privilege escalation

nvd

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.

Affected configurations

Vulners

NVD

Node

elecomwrc-1167ghbk-sMatch1.03

elecomwrc-1167gebk-sMatch1.03

elecomwrc-1167febk-sMatch1.04

elecomwrc-1167ghbk3-aMatch1.24

elecomwrc-1167febk-aMatch1.18

VendorProductVersionCPE
elecomwrc\-1167ghbk\-s1.03cpe:2.3:h:elecom:wrc\-1167ghbk\-s:1.03:*:*:*:*:*:*:*
elecomwrc\-1167gebk\-s1.03cpe:2.3:h:elecom:wrc\-1167gebk\-s:1.03:*:*:*:*:*:*:*
elecomwrc\-1167febk\-s1.04cpe:2.3:h:elecom:wrc\-1167febk\-s:1.04:*:*:*:*:*:*:*
elecomwrc\-1167ghbk3\-a1.24cpe:2.3:h:elecom:wrc\-1167ghbk3\-a:1.24:*:*:*:*:*:*:*
elecomwrc\-1167febk\-a1.18cpe:2.3:h:elecom:wrc\-1167febk\-a:1.18:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc\-1167ghbk\-s	1.03	cpe:2.3:h:elecom:wrc\-1167ghbk\-s:1.03:::::::*
elecom	wrc\-1167gebk\-s	1.03	cpe:2.3:h:elecom:wrc\-1167gebk\-s:1.03:::::::*
elecom	wrc\-1167febk\-s	1.04	cpe:2.3:h:elecom:wrc\-1167febk\-s:1.04:::::::*
elecom	wrc\-1167ghbk3\-a	1.24	cpe:2.3:h:elecom:wrc\-1167ghbk3\-a:1.24:::::::*
elecom	wrc\-1167febk\-a	1.18	cpe:2.3:h:elecom:wrc\-1167febk\-a:1.18:::::::*

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GHBK-S",
    "versions": [
      {
        "version": "v1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GEBK-S",
    "versions": [
      {
        "version": "v1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167FEBK-S",
    "versions": [
      {
        "version": "v1.04 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GHBK3-A",
    "versions": [
      {
        "version": "v1.24 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167FEBK-A",
    "versions": [
      {
        "version": "v1.18 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN05223215/

www.elecom.co.jp/news/security/20230711-01/

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2023-37564

nvd1 prion1 cvelist1 jvn1