CVE-2023-37560

2023-07-1301:16:30

jpcert

www.cve.org

cve-2023-37560

remote attacker

arbitrary script injection

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRH-300WH-H",
    "versions": [
      {
        "version": "v2.12 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WTC-300HWH",
    "versions": [
      {
        "version": "v1.09 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN05223215/

www.elecom.co.jp/news/security/20230711-01/