CVE-2023-39944

2023-08-1809:43:35

jpcert

www.cve.org

command injection

vulnerability

wrc-f1167acf

wrc-1750ghbk

arbitrary os command

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-F1167ACF",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-1750GHBK",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU91630351/

www.elecom.co.jp/news/security/20230810-01/