CVE-2023-40072

2023-08-1809:45:31

jpcert

www.cve.org

command injection

elecom

network devices

authenticated user

os command

vulnerability

wab-s600-ps

wab-s300

wab-m1775-ps

wab-s1775

wab-s1167

wab-m2133

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S600-PS",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S300",
    "versions": [
      {
        "version": "all versions",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-M1775-PS",
    "versions": [
      {
        "version": "v1.1.21 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S1775",
    "versions": [
      {
        "version": "v1.1.9 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-S1167",
    "versions": [
      {
        "version": "v1.0.7 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WAB-M2133",
    "versions": [
      {
        "version": "v1.3.22 and earlier",
        "status": "affected"
      }
    ]
  }
]