Lucene search

JpcertCVELIST:CVE-2023-37564

HistoryJul 13, 2023 - 3:01 a.m.

CVE-2023-37564

2023-07-1303:01:41

jpcert

www.cve.org

elecom

wireless lan routers

os command injection

network-adjacent attacker

root privilege

version 1.03

version 1.04

version 1.24

version 1.18.

8.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GHBK-S",
    "versions": [
      {
        "version": "v1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GEBK-S",
    "versions": [
      {
        "version": "v1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167FEBK-S",
    "versions": [
      {
        "version": "v1.04 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GHBK3-A",
    "versions": [
      {
        "version": "v1.24 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167FEBK-A",
    "versions": [
      {
        "version": "v1.18 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN05223215/

www.elecom.co.jp/news/security/20230711-01/