CVSS3: 8.8 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
EPSS: 0.001 Low (Percentile: 29.8%)
Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
Cross-site Scripting (CWE-79) - CVE-2023-37560
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Open Redirect (CWE-601) - CVE-2023-37561
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N | Base Score: 4.7 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Cross-Site Request Forgery (CWE-352) - CVE-2023-37562
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | Base Score: 4.3 |
CVSS v2 | AV:N/AC:H/Au:N/C:N/I:P/A:N | Base Score: 2.6 |
Information disclosure (CWE-200) - CVE-2023-37563
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | Base Score: 6.5 |
CVSS v2 | AV:A/AC:L/Au:N/C:P/I:N/A:N | Base Score: 3.3 |
OS Command Injection (CWE-78) - CVE-2023-37564
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8 |
CVSS v2 | AV:A/AC:L/Au:S/C:C/I:C/A:C | Base Score: 7.7 |
Code Injection (CWE-94) - CVE-2023-37565
Version | Vector | Score |
---|---|---|
CVSS v3 | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Base Score: 6.8 |
CVSS v2 | AV:A/AC:L/Au:S/C:P/I:P/A:P | Base Score: 5.2 |
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Stop using the products
Some vulnerable products are no longer supported. For more information, refer to the security advisory from the developer and stop using the products.
CVE-2023-37560
WRH-300WH-H v2.12 and earlier
WTC-300HWH v1.09 and earlier
CVE-2023-37561
WRH-300WH-H v2.12 and earlier
WTC-300HWH v1.09 and earlier
WTC-C1167GC-B v1.17 and earlier
WTC-C1167GC-W v1.17 and earlier
CVE-2023-37562
WTC-C1167GC-B v1.17 and earlier
WTC-C1167GC-W v1.17 and earlier
CVE-2023-37563
WRC-1167GHBK-S v1.03 and earlier
WRC-1167GEBK-S v1.03 and earlier
WRC-1167FEBK-S v1.04 and earlier
WRC-1167GHBK3-A v1.24 and earlier
WRC-1167FEBK-A v1.18 and earlier
WRC-F1167ACF2 all versions
WRC-600GHBK-A all versions
WRC-733FEBK2-A all versions
WRC-1467GHBK-A all versions
WRC-1467GHBK-S all versions
WRC-1900GHBK-A all versions
WRC-1900GHBK-S all versions
CVE-2023-37564, CVE-2023-37565
WRC-1167GHBK-S v1.03 and earlier
WRC-1167GEBK-S v1.03 and earlier
WRC-1167FEBK-S v1.04 and earlier
WRC-1167GHBK3-A v1.24 and earlier
WRC-1167FEBK-A v1.18 and earlier