CVE-2023-37568

2023-07-1301:48:09

jpcert

www.cve.org

cve-2023-37568

elecom

routers

arbitrary command execution

web management page

network-adjacent

authenticated attacker

AI Score

8.2

Confidence

High

EPSS

Percentile

9.0%

JSON

ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GHBK-S",
    "versions": [
      {
        "version": "v1.03 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1167GEBK-S",
    "versions": [
      {
        "version": "v1.03 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91850798/

www.elecom.co.jp/news/security/20230711-01/