Lucene search

[email protected]NVD:CVE-2023-37566

HistoryJul 13, 2023 - 2:15 a.m.

CVE-2023-37566

2023-07-1302:15:09

CWE-77

[email protected]

web.nvd.nist.gov

command injection

elecom

logitec

wireless lan routers

vulnerability

web management

network-adjacent attacker

authenticated

product versions

cve-2023-37566

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Affected configurations

NVD

Node

elecomwrc-1167ghbk3-a_firmwareRange≤1.24

AND

elecomwrc-1167ghbk3-aMatch-

Node

elecomwrc-1167febk-a_firmwareRange≤1.18

AND

elecomwrc-1167febk-aMatch-

References

jvn.jp/en/vu/JVNVU91850798/

www.elecom.co.jp/news/security/20230711-01/

www.elecom.co.jp/news/security/20230810-01/

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-37566

prion1 cve1 cvelist1