CVE-2023-32626

2023-08-1809:36:26

jpcert

www.cve.org

vulnerability

lan-w300n/rs

lan-w300n/pr5

unauthenticated access

arbitrary command execution

cve-2023-32626

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product’s certain management console and execute arbitrary OS commands.

CNA Affected

[
  {
    "vendor": "LOGITEC CORPORATION",
    "product": "LAN-W300N/RS",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "LOGITEC CORPORATION",
    "product": "LAN-W300N/PR5",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91630351/

www.elecom.co.jp/news/security/20230810-01/