ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU91850798/ | Third Party Advisory |
https://www.elecom.co.jp/news/security/20230711-01/ | Vendor Advisory |
Configurations
History
25 Jul 2023, 14:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
CPE | cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:* |
|
References | (MISC) https://www.elecom.co.jp/news/security/20230711-01/ - Vendor Advisory | |
References | (MISC) https://jvn.jp/en/vu/JVNVU91850798/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
First Time |
Elecom
Elecom wrc-1167gebk-s Elecom wrc-1167ghbk-s Elecom wrc-1167gebk-s Firmware Elecom wrc-1167ghbk-s Firmware |
13 Jul 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 02:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-37568
Mitre link : CVE-2023-37568
CVE.ORG link : CVE-2023-37568
JSON object : View
Products Affected
elecom
- wrc-1167ghbk-s
- wrc-1167gebk-s_firmware
- wrc-1167ghbk-s_firmware
- wrc-1167gebk-s
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')