Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by LOGITEC CORPORATION
CVE-2023-39445 (GCVE-0-2023-39445)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:40 – Updated: 2024-10-08 15:11
VLAI
Summary
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Hidden Functionality
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-WH300N/RE |
Affected:
all versions
|
|
| logitec | lan-wh300n_re |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:logitec:lan-wh300n_re:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:logitec:lan-wh300n_re:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-wh300n_re",
"vendor": "logitec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:47:13.849174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:11:13.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAN-WH300N/RE",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:40:17.145Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-39445",
"datePublished": "2023-08-18T09:40:17.145Z",
"dateReserved": "2023-08-09T11:54:56.682Z",
"dateUpdated": "2024-10-08T15:11:13.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38576 (GCVE-0-2023-38576)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:39 – Updated: 2024-10-08 14:53
VLAI
Summary
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Hidden Functionality
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-WH300N/RE |
Affected:
all versions
|
|
| logitec | lan-wh300n_re |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:logitec:lan-wh300n_re:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:logitec:lan-wh300n_re:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-wh300n_re",
"vendor": "logitec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38576",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:51:23.871003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:53:29.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAN-WH300N/RE",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:39:29.926Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38576",
"datePublished": "2023-08-18T09:39:29.926Z",
"dateReserved": "2023-08-09T11:54:54.852Z",
"dateUpdated": "2024-10-08T14:53:29.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38132 (GCVE-0-2023-38132)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:38 – Updated: 2024-10-08 14:58
VLAI
Summary
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper access control
- CWE-284 - Improper Access Control
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W451NGR |
Affected:
all versions
|
|
| logitec | lan-w451ngr |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:logitec:lan-w451ngr:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:logitec:lan-w451ngr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w451ngr",
"vendor": "logitec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38132",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:54:18.343015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:58:09.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAN-W451NGR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:38:31.606Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-38132",
"datePublished": "2023-08-18T09:38:31.606Z",
"dateReserved": "2023-08-09T11:55:01.344Z",
"dateUpdated": "2024-10-08T14:58:09.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35991 (GCVE-0-2023-35991)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:37 – Updated: 2024-10-21 20:26
VLAI
Summary
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Hidden Functionality
- CWE-noinfo Not enough information
Assigner
References
2 references
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/DR |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-WH300N/DR |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-W300N/P |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-WH450N/GP |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-WH300AN/DGP |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-WH300N/DGP |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-WH300ANDGPE |
Affected:
all versions
|
|
| elecom | lan-wh450n\/gp_firmware |
Affected:
0 , < *
(custom)
cpe:2.3:o:elecom:lan-wh300n\/dgp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:lan-w300n\/dr_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:lan-w300n\/p_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:lan-wh300an\/dgp_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:lan-wh300n\/dr_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:elecom:lan-wh450n\/gp_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:elecom:lan-w300n\\/p_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-wh450n\\/gp_firmware",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-35991",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T20:16:01.788562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T20:26:02.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/DR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-WH300N/DR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-W300N/P",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-WH450N/GP",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-WH300AN/DGP",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-WH300N/DGP",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-WH300ANDGPE",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:37:37.744Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-35991",
"datePublished": "2023-08-18T09:37:37.744Z",
"dateReserved": "2023-08-09T11:54:58.462Z",
"dateUpdated": "2024-10-21T20:26:02.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32626 (GCVE-0-2023-32626)
Vulnerability from cvelistv5 – Published: 2023-08-18 09:36 – Updated: 2024-10-08 15:05
VLAI
Summary
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Hidden Functionality
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/RS |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-W300N/PR5 |
Affected:
all versions
|
|
| logitec | lan-w300n\/rs |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:logitec:lan-w300n\/rs:-:*:*:*:*:*:*:* |
|
| logitec | lan_w300n_pr5 |
Affected:
0 , ≤ *
(custom)
cpe:2.3:h:logitec:lan_w300n_pr5:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:25:36.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:logitec:lan-w300n\\/rs:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w300n\\/rs",
"vendor": "logitec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:logitec:lan_w300n_pr5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan_w300n_pr5",
"vendor": "logitec",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T15:01:06.385485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T15:05:09.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/RS",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "LAN-W300N/PR5",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hidden Functionality",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:36:26.714Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91630351/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-32626",
"datePublished": "2023-08-18T09:36:26.714Z",
"dateReserved": "2023-08-09T11:54:54.055Z",
"dateUpdated": "2024-10-08T15:05:09.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37567 (GCVE-0-2023-37567)
Vulnerability from cvelistv5 – Published: 2023-07-13 01:46 – Updated: 2024-11-06 14:28
VLAI
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Arbitrary command execution
Assigner
References
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-F1167ACF2 |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-600GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-733FEBK2-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-A |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-W301NR |
Affected:
all versions
|
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-f1167acf2 |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:* |
|
| elecom | wrc-600ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-733febk2-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1467ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1900ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | lan-w301nr |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-f1167acf2",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-600ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-733febk2-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1467ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1900ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w301nr",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T14:23:25.188680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T14:28:41.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "LAN-W301NR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:35:14.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37567",
"datePublished": "2023-07-13T01:46:47.274Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-06T14:28:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37566 (GCVE-0-2023-37566)
Vulnerability from cvelistv5 – Published: 2023-07-13 01:44 – Updated: 2024-11-06 18:19
VLAI
Summary
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Arbitrary command execution
Assigner
References
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-1167GHBK3-A |
Affected:
v1.24 and earlier
|
|
| ELECOM CO.,LTD. | WRC-1167FEBK-A |
Affected:
v1.18 and earlier
|
|
| ELECOM CO.,LTD. | WRC-F1167ACF2 |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-600GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-733FEBK2-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1467GHBK-A |
Affected:
all versions
|
|
| ELECOM CO.,LTD. | WRC-1900GHBK-A |
Affected:
all versions
|
|
| LOGITEC CORPORATION | LAN-W301NR |
Affected:
all versions
|
|
| elecom | wrc-1167ghbk3-a |
Affected:
0 , ≤ 1.24
(custom)
cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1167febk-a |
Affected:
0 , ≤ 1.18
(custom)
cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-f1167acf2 |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:* |
|
| elecom | wrc-600ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-733febk2-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1467ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | wrc-1900ghbk-a |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:* |
|
| elecom | lan-w301nr |
Affected:
0 , < *
(custom)
cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:31.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167ghbk3-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1167febk-a",
"vendor": "elecom",
"versions": [
{
"lessThanOrEqual": "1.18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-f1167acf2",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-600ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-733febk2-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1467ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrc-1900ghbk-a",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:elecom:lan-w301nr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lan-w301nr",
"vendor": "elecom",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T18:15:05.526570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T18:19:31.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WRC-1167GHBK3-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.24 and earlier "
}
]
},
{
"product": "WRC-1167FEBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.18 and earlier "
}
]
},
{
"product": "WRC-F1167ACF2",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-600GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-733FEBK2-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1467GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "WRC-1900GHBK-A",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "all versions "
}
]
},
{
"product": "LAN-W301NR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T09:34:09.134Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU91850798/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37566",
"datePublished": "2023-07-13T01:44:48.791Z",
"dateReserved": "2023-07-07T08:46:11.999Z",
"dateUpdated": "2024-11-06T18:19:31.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20641 (GCVE-0-2021-20641)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/RS |
Affected:
LAN-W300N/RS
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/RS",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/RS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:45.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/RS",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/RS"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20641",
"datePublished": "2021-02-12T06:15:45.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:44.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20642 (GCVE-0-2021-20642)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
Severity
No CVSS data available.
CWE
- Improper check or handling of exceptional conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/RS |
Affected:
LAN-W300N/RS
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/RS",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/RS"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check or handling of exceptional conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:45.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/RS",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/RS"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check or handling of exceptional conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20642",
"datePublished": "2021-02-12T06:15:45.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20640 (GCVE-0-2021-20640)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
| https://lists.apache.org/thread.html/rc1778b38e74… | mailing-listx_refsource_MLIST |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/PGRB |
Affected:
LAN-W300N/PGRB
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
},
{
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/PGRB",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/PGRB"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-12T14:06:16.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
},
{
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/PGRB",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/PGRB"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute an arbitrary OS command via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
},
{
"name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20640",
"datePublished": "2021-02-12T06:15:44.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20639 (GCVE-0-2021-20639)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/PGRB |
Affected:
LAN-W300N/PGRB
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/PGRB",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/PGRB"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/PGRB",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/PGRB"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20639",
"datePublished": "2021-02-12T06:15:43.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:44.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20638 (GCVE-0-2021-20638)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/PGRB |
Affected:
LAN-W300N/PGRB
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/PGRB",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/PGRB"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:43.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/PGRB",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/PGRB"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20638",
"datePublished": "2021-02-12T06:15:43.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20637 (GCVE-0-2021-20637)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL.
Severity
No CVSS data available.
CWE
- Improper check or handling of exceptional conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/PR5B |
Affected:
LAN-W300N/PR5B
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.214Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/PR5B",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/PR5B"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper check or handling of exceptional conditions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:42.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/PR5B",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/PR5B"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper check or handling of exceptional conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20637",
"datePublished": "2021-02-12T06:15:42.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20635 (GCVE-0-2021-20635)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network.
Severity
No CVSS data available.
CWE
- Improper restriction of excessive authentication attempts
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-WH450N/GR |
Affected:
LAN-WH450N/GR
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:45.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-WH450N/GR",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-WH450N/GR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of excessive authentication attempts",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:40.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-WH450N/GR",
"version": {
"version_data": [
{
"version_value": "LAN-WH450N/GR"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacker in the wireless range of the device to recover PIN and access the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of excessive authentication attempts"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20635",
"datePublished": "2021-02-12T06:15:41.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:45.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20636 (GCVE-0-2021-20636)
Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.elecom.co.jp/news/security/20210126-01/ | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN96783542/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| LOGITEC CORPORATION | LAN-W300N/PR5B |
Affected:
LAN-W300N/PR5B
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:45:44.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAN-W300N/PR5B",
"vendor": "LOGITEC CORPORATION",
"versions": [
{
"status": "affected",
"version": "LAN-W300N/PR5B"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-12T06:15:41.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAN-W300N/PR5B",
"version": {
"version_data": [
{
"version_value": "LAN-W300N/PR5B"
}
]
}
}
]
},
"vendor_name": "LOGITEC CORPORATION"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations to the device such as changes of the device settings may be conducted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20210126-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN96783542/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN96783542/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20636",
"datePublished": "2021-02-12T06:15:41.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:45:44.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}