CVE-2023-40072

OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:elecom:wab-s600-ps:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wab-s600-ps_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:elecom:wab-s300:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wab-s300_firmware:*:*:*:*:*:*:*:*

History

09 Sep 2024, 07:15

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de inyección de comandos del sistema operativo en los dispositivos de red ELECOM permite a un usuario autenticado ejecutar un comando arbitrario del sistema operativo enviando una solicitud especialmente diseñada. Los productos y versiones afectados son los siguientes WAB-S600-PS todas las versiones, WAB-S300 todas las versiones, WAB-M1775-PS v1.1.21 y anteriores, WAB-S1775 v1.1.9 y anteriores, WAB-S1167 v1.0.7 y anteriores, y WAB-M2133 v1.3.22 y anteriores.
Summary (en) OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. (en) OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

28 Feb 2024, 23:15

Type Values Removed Values Added
Summary (en) OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, and WAB-S1167 v1.0.7 and earlier. (en) OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier.

23 Jan 2024, 10:15

Type Values Removed Values Added
References
  • () https://www.elecom.co.jp/news/security/20231114-01/ -
Summary OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, and WAB-S1167 v1.0.7 and earlier.

23 Aug 2023, 16:45

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://jvn.jp/en/vu/JVNVU91630351/ - (MISC) https://jvn.jp/en/vu/JVNVU91630351/ - Third Party Advisory
References (MISC) https://www.elecom.co.jp/news/security/20230810-01/ - (MISC) https://www.elecom.co.jp/news/security/20230810-01/ - Vendor Advisory
CPE cpe:2.3:h:elecom:wab-s300:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wab-s600-ps_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wab-s300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wab-s600-ps:-:*:*:*:*:*:*:*
CWE CWE-78
First Time Elecom
Elecom wab-s600-ps Firmware
Elecom wab-s600-ps
Elecom wab-s300
Elecom wab-s300 Firmware

18 Aug 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-18 10:15

Updated : 2024-09-09 07:15


NVD link : CVE-2023-40072

Mitre link : CVE-2023-40072

CVE.ORG link : CVE-2023-40072


JSON object : View

Products Affected

elecom

  • wab-s600-ps_firmware
  • wab-s300_firmware
  • wab-s600-ps
  • wab-s300
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')