All the vulnerabilities related to ELECOM CO.,LTD. - WRC-1467GHBK-A
cve-2023-37566
Vulnerability from cvelistv5
Published
2023-07-13 01:44
Modified
2024-11-06 18:19
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
References
Impacted products
Vendor | Product | Version |
---|---|---|
ELECOM CO.,LTD. | WRC-1167GHBK3-A | Version: v1.24 and earlier |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:31.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230711-01/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU91850798/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1167ghbk3-a", "vendor": "elecom", "versions": [ { "lessThanOrEqual": "1.24", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1167febk-a", "vendor": "elecom", "versions": [ { "lessThanOrEqual": "1.18", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-f1167acf2", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-600ghbk-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-733febk2-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1467ghbk-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ 
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1900ghbk-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lan-w301nr", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37566", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T18:15:05.526570Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T18:19:31.073Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "WRC-1167GHBK3-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.24 and earlier " } ] }, { "product": "WRC-1167FEBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.18 and earlier " } ] }, { "product": "WRC-F1167ACF2", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-600GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-733FEBK2-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1467GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1900GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "LAN-W301NR", "vendor": "LOGITEC CORPORATION", "versions": [ { "status": "affected", "version": "all 
versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions." } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-18T09:34:09.134Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/" }, { "url": "https://jvn.jp/en/vu/JVNVU91850798/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-37566", "datePublished": "2023-07-13T01:44:48.791Z", "dateReserved": "2023-07-07T08:46:11.999Z", "dateUpdated": "2024-11-06T18:19:31.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37567
Vulnerability from cvelistv5
Published
2023-07-13 01:46
Modified
2024-11-06 14:28
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
References
Impacted products
Vendor | Product | Version |
---|---|---|
ELECOM CO.,LTD. | WRC-1167GHBK3-A | Version: v1.24 and earlier |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230711-01/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU91850798/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1167ghbk3-a", "vendor": "elecom", "versions": [ { "lessThanOrEqual": "1.24", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-f1167acf2", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-600ghbk-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-733febk2-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1467ghbk-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wrc-1900ghbk-a", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ 
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lan-w301nr", "vendor": "elecom", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37567", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T14:23:25.188680Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T14:28:41.455Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "WRC-1167GHBK3-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.24 and earlier " } ] }, { "product": "WRC-F1167ACF2", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-600GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-733FEBK2-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1467GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1900GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "LAN-W301NR", "vendor": "LOGITEC CORPORATION", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. 
Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions." } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary command execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-18T09:35:14.000Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/" }, { "url": "https://jvn.jp/en/vu/JVNVU91850798/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-37567", "datePublished": "2023-07-13T01:46:47.274Z", "dateReserved": "2023-07-07T08:46:11.999Z", "dateUpdated": "2024-11-06T14:28:41.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37563
Vulnerability from cvelistv5
Published
2023-07-13 02:59
Modified
2024-11-06 18:07
Summary
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.
References
Impacted products
Vendor | Product | Version |
---|---|---|
ELECOM CO.,LTD. | WRC-1167GHBK-S | Version: v1.03 and earlier |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230711-01/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN05223215/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37563", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-06T18:06:38.318539Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-922", "description": "CWE-922 Insecure Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T18:07:10.705Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "WRC-1167GHBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.03 and earlier " } ] }, { "product": "WRC-1167GEBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.03 and earlier " } ] }, { "product": "WRC-1167FEBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.04 and earlier " } ] }, { "product": "WRC-1167GHBK3-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.24 and earlier " } ] }, { "product": "WRC-1167FEBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "v1.18 and earlier " } ] }, { "product": "WRC-F1167ACF2", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-600GHBK-A", "vendor": 
"ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-733FEBK2-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1467GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1467GHBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1900GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions " } ] }, { "product": "WRC-1900GHBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-18T09:31:52.811Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "url": "https://www.elecom.co.jp/news/security/20230711-01/" }, { "url": "https://jvn.jp/en/jp/JVN05223215/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-37563", "datePublished": "2023-07-13T02:59:04.187Z", "dateReserved": "2023-07-07T08:46:11.998Z", "dateUpdated": "2024-11-06T18:07:10.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39455
Vulnerability from cvelistv5
Published
2023-08-18 09:42
Modified
2024-08-02 18:10
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.
References
Impacted products
Vendor | Product | Version |
---|---|---|
ELECOM CO.,LTD. | WRC-600GHBK-A | Version: all versions |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:10:20.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU91630351/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WRC-600GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "WRC-1467GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "WRC-1900GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "WRC-733FEBK2-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "WRC-F1167ACF2", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "WRC-1467GHBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] }, { "product": "WRC-1900GHBK-S", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "all versions" } ] } ], "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions." 
} ], "problemTypes": [ { "descriptions": [ { "description": "OS command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-18T09:42:19.491Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.elecom.co.jp/news/security/20230810-01/" }, { "url": "https://jvn.jp/en/vu/JVNVU91630351/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-39455", "datePublished": "2023-08-18T09:42:19.491Z", "dateReserved": "2023-08-09T11:55:00.303Z", "dateUpdated": "2024-08-02T18:10:20.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20644
Vulnerability from cvelistv5
Published
2021-02-12 06:15
Modified
2024-08-03 17:45
Summary
ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displaying a specially crafted SSID on the web setup page.
References
URL | Tags |
---|---|
https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
https://jvn.jp/en/jp/JVN47580234/index.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
ELECOM CO.,LTD. | WRC-1467GHBK-A | Version: WRC-1467GHBK-A |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.elecom.co.jp/news/security/20210126-01/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN47580234/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "WRC-1467GHBK-A", "vendor": "ELECOM CO.,LTD.", "versions": [ { "status": "affected", "version": "WRC-1467GHBK-A" } ] } ], "descriptions": [ { "lang": "en", "value": "ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user\u0027s web browser by displaying a specially crafted SSID on the web setup page." } ], "problemTypes": [ { "descriptions": [ { "description": "Script injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T06:15:47", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.elecom.co.jp/news/security/20210126-01/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN47580234/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "WRC-1467GHBK-A", "version": { "version_data": [ { "version_value": "WRC-1467GHBK-A" } ] } } ] }, "vendor_name": "ELECOM CO.,LTD." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user\u0027s web browser by displaying a specially crafted SSID on the web setup page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Script injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.elecom.co.jp/news/security/20210126-01/", "refsource": "MISC", "url": "https://www.elecom.co.jp/news/security/20210126-01/" }, { "name": "https://jvn.jp/en/jp/JVN47580234/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN47580234/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20644", "datePublished": "2021-02-12T06:15:47", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
jvndb-2023-002413
Vulnerability from jvndb
Published
2023-07-12 16:15
Modified
2024-04-22 16:18
Summary
Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers
Details
Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568
* Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html", "dc:date": "2024-04-22T16:18+09:00", "dcterms:issued": "2023-07-12T16:15+09:00", "dcterms:modified": "2024-04-22T16:18+09:00", "description": "Multiple wireless LAN routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Command Injection on the web management page (CWE-77) - CVE-2023-37566, CVE-2023-37568\r\n * Command Injection on a certain port of the web management page (CWE-77) - CVE-2023-37567\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002413.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware", "@product": "WRC-1167FEBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware", "@product": "WRC-1167GEBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware", "@product": "WRC-1167GHBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware", "@product": "WRC-1167GHBK3-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware", "@product": "WRC-1467GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware", "@product": "WRC-1900GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware", "@product": "WRC-600GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware", "@product": "WRC-733FEBK2-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware", "@product": "WRC-F1167ACF2", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w301nr_firmware", 
"@product": "LAN-W301NR firmware", "@vendor": "Logitec Corp.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-002413", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU91850798/", "@id": "JVNVU#91850798", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37566", "@id": "CVE-2023-37566", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37567", "@id": "CVE-2023-37567", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37568", "@id": "CVE-2023-37568", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37566", "@id": "CVE-2023-37566", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37567", "@id": "CVE-2023-37567", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37568", "@id": "CVE-2023-37568", "@source": "NVD" }, { "#text": "https://cwe.mitre.org/data/definitions/77.html", "@id": "CWE-77", "@title": "Command Injection(CWE-77)" } ], "title": "Multiple vulnerabilities in ELECOM and LOGITEC wireless LAN routers" }
jvndb-2023-002797
Vulnerability from jvndb
Published
2023-08-15 11:54
Modified
2024-08-29 09:39
Summary
Multiple vulnerabilities in ELECOM and LOGITEC network devices
Details
Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
* Telnet service access restriction failure (CWE-284) - CVE-2023-38132
* Hidden Functionality (CWE-912) - CVE-2023-38576
* Buffer overflow (CWE-120) - CVE-2023-39454
* OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
* OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html", "dc:date": "2024-08-29T09:39+09:00", "dcterms:issued": "2023-08-15T11:54+09:00", "dcterms:modified": "2024-08-29T09:39+09:00", "description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n * Buffer overflow (CWE-120) - CVE-2023-39454\r\n * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html", "sec:cpe": [ { "#text": "cpe:/a:elecom:wab-i1750-ps", "@product": "WAB-I1750-PS", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/a:elecom:wab-s1167-ps", "@product": "WAB-S1167-PS", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wab-m1775-ps_firmware", "@product": "WAB-M1775-PS firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wab-m2133_firmware", "@product": "WAB-M2133 firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wab-s1167_firmware", "@product": "WAB-S1167 firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wab-s1775_firmware", "@product": "WAB-S1775 firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wab-s300_firmware", "@product": "WAB-S300", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wab-s600-ps_firmware", "@product": "WAB-S600-PS", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": 
"cpe:/o:elecom:wrc-1167ghbk2_firmware", "@product": "WRC-1167GHBK2 firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware", "@product": "WRC-1467GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware", "@product": "WRC-1467GHBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1750ghbk-e_firmware", "@product": "WRC-1750GHBK-E firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1750ghbk2-i_firmware", "@product": "WRC-1750GHBK2-I firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1750ghbk_firmware", "@product": "WRC-1750GHBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware", "@product": "WRC-1900GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware", "@product": "WRC-1900GHBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware", "@product": "WRC-600GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware", "@product": "WRC-733FEBK2-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware", "@product": "WRC-F1167ACF2", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f1167acf_firmware", "@product": "WRC-F1167ACF firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware", "@product": "WRC-X1800GS-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware", "@product": "WRC-X1800GSA-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware", "@product": "WRC-X1800GSH-B", "@vendor": "ELECOM CO.,LTD.", 
"@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware", "@product": "LAN-W300N/DR", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware", "@product": "LAN-W300N/PR5", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w300n%2fp_firmware", "@product": "LAN-W300N/P firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware", "@product": "LAN-W300N/RS firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w451ngr_firmware", "@product": "LAN-W451NGR", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware", "@product": "LAN-WH300AN/DGP", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300andgpe_firmware", "@product": "LAN-WH300ANDGPE", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300n%2fdgp_firmware", "@product": "LAN-WH300N/DGP firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware", "@product": "LAN-WH300N/DR", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware", "@product": "LAN-WH300N/RE", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware", "@product": "LAN-WH450N/GP", "@vendor": "Logitec Corp.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "5.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-002797", "sec:references": [ { "#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html", "@id": "JVNVU#91630351", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626", 
"@id": "CVE-2023-32626", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991", "@id": "CVE-2023-35991", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132", "@id": "CVE-2023-38132", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576", "@id": "CVE-2023-38576", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445", "@id": "CVE-2023-39445", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454", "@id": "CVE-2023-39454", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455", "@id": "CVE-2023-39455", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944", "@id": "CVE-2023-39944", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069", "@id": "CVE-2023-40069", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072", "@id": "CVE-2023-40072", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626", "@id": "CVE-2023-32626", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991", "@id": "CVE-2023-35991", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132", "@id": "CVE-2023-38132", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576", "@id": "CVE-2023-38576", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445", "@id": "CVE-2023-39445", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454", "@id": "CVE-2023-39454", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455", "@id": "CVE-2023-39455", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944", "@id": "CVE-2023-39944", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069", "@id": "CVE-2023-40069", "@source": "NVD" }, { "#text": 
"https://nvd.nist.gov/vuln/detail/CVE-2023-40072", "@id": "CVE-2023-40072", "@source": "NVD" }, { "#text": "https://cwe.mitre.org/data/definitions/120.html", "@id": "CWE-120", "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)" }, { "#text": "https://cwe.mitre.org/data/definitions/284.html", "@id": "CWE-284", "@title": "Improper Access Control(CWE-284)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://cwe.mitre.org/data/definitions/912.html", "@id": "CWE-912", "@title": "Hidden Functionality(CWE-912)" } ], "title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices" }
jvndb-2021-000008
Vulnerability from jvndb
Published
2021-01-26 16:33
Modified
2021-01-26 16:33
Severity ?
Summary
Multiple vulnerabilities in multiple ELECOM products
Details
Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* Improper Access Control (CWE-284) - CVE-2021-20643
* Script injection in web setup page (CWE-74) - CVE-2021-20644
* Stored cross-site scripting (CWE-79) - CVE-2021-20645
* Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650
* OS command injection (CWE-78) - CVE-2021-20648
* Improper server certificate verification (CWE-295) - CVE-2021-20649
* OS command injection via UPnP (CWE-78) - CVE-2014-8361
CVE-2021-20643
NAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20644
Ryo Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20645, CVE-2021-20646
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20647, CVE-2021-20648, CVE-2021-20649
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20650
Yutaka WATANABE reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Satoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institute of Information and Communications Technology reported to IPA that the CVE-2014-8361 vulnerability still exists in an ELECOM product. JPCERT/CC coordinated with the developer.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html", "dc:date": "2021-01-26T16:33+09:00", "dcterms:issued": "2021-01-26T16:33+09:00", "dcterms:modified": "2021-01-26T16:33+09:00", "description": "Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n*Improper Access Control (CWE-284) - CVE-2021-20643\r\n*Script injection in web setup page (CWE-74) - CVE-2021-20644\r\n*Stored cross-site scripting (CWE-79) - CVE-2021-20645\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650\r\n*OS command injection (CWE-78) - CVE-2021-20648\r\n*Improper server certificate verification (CWE-295) - CVE-2021-20649\r\n*OS command injection via UPnP (CWE-78) - CVE-2014-8361\r\n\r\nCVE-2021-20643\r\nNAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20644\r\nRyo Sato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20645, CVE-2021-20646\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20647, CVE-2021-20648, CVE-2021-20649\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20650\r\nYutaka WATANABE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. 
and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:ld-ps%2fu1_firmware", "@product": "LD-PS/U1", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:ncc-ewf100rmwh2_firmware", "@product": "NCC-EWF100RMWH2", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware", "@product": "WRC-1467GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk-a_firmware", "@product": "WRC-300FEBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk-s_firmware", "@product": "WRC-300FEBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk_firmware", "@product": "WRC-300FEBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f300nf_firmware", "@product": "WRC-F300NF firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-000008", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN47580234/index.html", "@id": "JVN#47580234", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643", "@id": "CVE-2021-20643", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644", "@id": "CVE-2021-20644", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645", "@id": 
"CVE-2021-20645", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646", "@id": "CVE-2021-20646", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647", "@id": "CVE-2021-20647", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648", "@id": "CVE-2021-20648", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649", "@id": "CVE-2021-20649", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650", "@id": "CVE-2021-20650", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361", "@id": "CVE-2014-8361", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361", "@id": "CVE-2014-8361", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20643", "@id": "CVE-2021-20643", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20644", "@id": "CVE-2021-20644", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20645", "@id": "CVE-2021-20645", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20646", "@id": "CVE-2021-20646", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20647", "@id": "CVE-2021-20647", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20648", "@id": "CVE-2021-20648", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20649", "@id": "CVE-2021-20649", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20650", "@id": "CVE-2021-20650", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { 
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in multiple ELECOM products" }