Lucene search

[email protected]CVE-2023-40072

HistoryAug 18, 2023 - 10:15 a.m.

CVE-2023-40072

2023-08-1810:15:12

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-40072

os command injection

wab-s600-ps

wab-s300

authenticated user

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier.

Affected configurations

Vulners

NVD

Node

elecomwab-s600-psMatch1.1.21

elecomwab-matMatch1.1.9

elecomwab-matMatch1.0.7

elecomwab-matMatch1.3.22

VendorProductVersionCPE
elecomwab\-s600\-ps1.1.21cpe:2.3:h:elecom:wab\-s600\-ps:1.1.21:*:*:*:*:*:*:*
elecomwab\-mat1.1.9cpe:2.3:a:elecom:wab\-mat:1.1.9:*:*:*:*:*:*:*
elecomwab\-mat1.0.7cpe:2.3:a:elecom:wab\-mat:1.0.7:*:*:*:*:*:*:*
elecomwab\-mat1.3.22cpe:2.3:a:elecom:wab\-mat:1.3.22:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wab\-s600\-ps	1.1.21	cpe:2.3:h:elecom:wab\-s600\-ps:1.1.21:::::::*
elecom	wab\-mat	1.1.9	cpe:2.3:a:elecom:wab\-mat:1.1.9:::::::*
elecom	wab\-mat	1.0.7	cpe:2.3:a:elecom:wab\-mat:1.0.7:::::::*
elecom	wab\-mat	1.3.22	cpe:2.3:a:elecom:wab\-mat:1.3.22:::::::*

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S600-PS",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S300",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-M1775-PS",
    "versions": [
      {
        "version": "v1.1.21 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S1775",
    "versions": [
      {
        "version": "v1.1.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S1167",
    "versions": [
      {
        "version": "v1.0.7 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-M2133",
    "versions": [
      {
        "version": "v1.3.22 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91630351/

www.elecom.co.jp/news/security/20230810-01/

www.elecom.co.jp/news/security/20231114-01/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.1%

JSON

Related for CVE-2023-40072

prion1 nvd1 cvelist1