OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.
References
| Link | Resource |
|---|---|
| https://jvn.jp/en/vu/JVNVU91630351/ | Third Party Advisory |
| https://www.elecom.co.jp/news/security/20230810-01/ | Vendor Advisory |
Configurations
History
23 Aug 2023, 16:47
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-78 | |
| CPE | cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | (MISC) https://jvn.jp/en/vu/JVNVU91630351/ - Third Party Advisory | |
| References | (MISC) https://www.elecom.co.jp/news/security/20230810-01/ - Vendor Advisory | |
| First Time |
Elecom wrc-f1167acf
Elecom wrc-1750ghbk Firmware Elecom wrc-f1167acf Firmware Elecom Elecom wrc-1750ghbk |
18 Aug 2023, 10:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-18 10:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-39944
Mitre link : CVE-2023-39944
CVE.ORG link : CVE-2023-39944
JSON object : View
Products Affected
elecom
- wrc-1750ghbk
- wrc-1750ghbk_firmware
- wrc-f1167acf_firmware
- wrc-f1167acf
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')