CVE-2023-49695

2023-12-1208:58:47

jpcert

www.cve.org

command injection

network-adjacent attacker

administrative privilege

specially crafted request

wrc-x3000gsn

wrc-x3000gs

wrc-x3000gsa

EPSS

Percentile

9.6%

JSON

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.

CNA Affected

[
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GSN",
    "versions": [
      {
        "version": "v1.0.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GS",
    "versions": [
      {
        "version": "v1.0.24 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "ELECOM CO.,LTD.",
    "product": "WRC-X3000GSA",
    "versions": [
      {
        "version": "v1.0.24 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU97499577/

www.elecom.co.jp/news/security/20231212-01/

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2023-49695