CVE-2023-43752

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:elecom:wrc-x3000gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x3000gs2-w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:elecom:wrc-x3000gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x3000gs2-b:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:elecom:wrc-x3000gs2a-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x3000gs2a-b:-:*:*:*:*:*:*:*

History

29 Nov 2023, 19:51

Type Values Removed Values Added
First Time Elecom wrc-x3000gs2a-b Firmware
Elecom wrc-x3000gs2-b
Elecom
Elecom wrc-x3000gs2a-b
Elecom wrc-x3000gs2-b Firmware
Elecom wrc-x3000gs2-w Firmware
Elecom wrc-x3000gs2-w
References () https://www.elecom.co.jp/news/security/20231114-01/ - () https://www.elecom.co.jp/news/security/20231114-01/ - Vendor Advisory
References () https://jvn.jp/en/vu/JVNVU94119876/ - () https://jvn.jp/en/vu/JVNVU94119876/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0
CPE cpe:2.3:o:elecom:wrc-x3000gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x3000gs2-w:-:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x3000gs2-b:-:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-x3000gs2a-b:-:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-x3000gs2a-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:elecom:wrc-x3000gs2-b_firmware:*:*:*:*:*:*:*:*
CWE CWE-78

16 Nov 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-16 07:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-43752

Mitre link : CVE-2023-43752

CVE.ORG link : CVE-2023-43752


JSON object : View

Products Affected

elecom

  • wrc-x3000gs2-w
  • wrc-x3000gs2-w_firmware
  • wrc-x3000gs2-b
  • wrc-x3000gs2a-b
  • wrc-x3000gs2-b_firmware
  • wrc-x3000gs2a-b_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')