Lucene search

[email protected]NVD:CVE-2023-43752

HistoryNov 16, 2023 - 7:15 a.m.

CVE-2023-43752

2023-11-1607:15:07

CWE-78

[email protected]

web.nvd.nist.gov

os command injection

wrc-x3000gs2-w

wrc-x3000gs2-b

wrc-x3000gs2a-b

network-adjacent

authenticated user

arbitrary

request

cve-2023-43752

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.8%

JSON

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

Affected configurations

NVD

Node

elecomwrc-x3000gs2-wMatch-

AND

elecomwrc-x3000gs2-w_firmwareRange≤1.05

Node

elecomwrc-x3000gs2-bMatch-

AND

elecomwrc-x3000gs2-b_firmwareRange≤1.05

Node

elecomwrc-x3000gs2a-bMatch-

AND

elecomwrc-x3000gs2a-b_firmwareRange≤1.05

References

jvn.jp/en/vu/JVNVU94119876/

www.elecom.co.jp/news/security/20231114-01/

8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for NVD:CVE-2023-43752

cve1 prion1 cvelist1