jvndb - jvndb-2023-002797

jvndb-2023-002797

Vulnerability from jvndb

Published

2023-08-15 11:54

Modified

2025-02-13 15:21

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Details

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 * Telnet service access restriction failure (CWE-284) - CVE-2023-38132 * Hidden Functionality (CWE-912) - CVE-2023-38576 * Buffer overflow (CWE-120) - CVE-2023-39454 * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072 * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

Type

URL

	JVN	http://jvn.jp/en/vu/JVNVU91630351/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-32626
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-35991
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-38132
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-38576
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39445
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39454
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39455
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39944
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-40069
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-40072
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-32626
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-35991
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-38132
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-38576
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39445
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39454
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39455
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39944
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-40069
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-40072
	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
	Improper Access Control(CWE-284)	https://cwe.mitre.org/data/definitions/284.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Hidden Functionality(CWE-912)	https://cwe.mitre.org/data/definitions/912.html

Impacted products

Vendor

Product

	ELECOM CO.,LTD.	WAB-I1750-PS
	ELECOM CO.,LTD.	WAB-S1167-PS
	ELECOM CO.,LTD.	WAB-M1775-PS firmware
	ELECOM CO.,LTD.	WAB-M2133 firmware
	ELECOM CO.,LTD.	WAB-S1167 firmware
	ELECOM CO.,LTD.	WAB-S1775 firmware
	ELECOM CO.,LTD.	WAB-S300
	ELECOM CO.,LTD.	WAB-S600-PS
	ELECOM CO.,LTD.	WRC-1167GHBK2 firmware
	ELECOM CO.,LTD.	WRC-1467GHBK-A
	ELECOM CO.,LTD.	WRC-1467GHBK-S
	ELECOM CO.,LTD.	WRC-1750GHBK-E firmware
	ELECOM CO.,LTD.	WRC-1750GHBK2-I firmware
	ELECOM CO.,LTD.	WRC-1750GHBK firmware
	ELECOM CO.,LTD.	WRC-1900GHBK-A
	ELECOM CO.,LTD.	WRC-1900GHBK-S
	ELECOM CO.,LTD.	WRC-600GHBK-A
	ELECOM CO.,LTD.	WRC-733FEBK2-A
	ELECOM CO.,LTD.	WRC-F1167ACF2
	ELECOM CO.,LTD.	WRC-F1167ACF firmware
	ELECOM CO.,LTD.	WRC-X1800GS-B
	ELECOM CO.,LTD.	WRC-X1800GSA-B
	ELECOM CO.,LTD.	WRC-X1800GSH-B
	ELECOM CO.,LTD.	WRC-X6000QS-G
	ELECOM CO.,LTD.	WRC-X6000QSA-G
	Logitec Corp.	LAN-W300N/DR
	Logitec Corp.	LAN-W300N/PR5
	Logitec Corp.	LAN-W300N/P firmware
	Logitec Corp.	LAN-W300N/RS firmware
	Logitec Corp.	LAN-W451NGR
	Logitec Corp.	LAN-WH300AN/DGP
	Logitec Corp.	LAN-WH300ANDGPE
	Logitec Corp.	LAN-WH300N/DGP firmware
	Logitec Corp.	LAN-WH300N/DR
	Logitec Corp.	LAN-WH300N/RE
	Logitec Corp.	LAN-WH450N/GP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
  "dc:date": "2025-02-13T15:21+09:00",
  "dcterms:issued": "2023-08-15T11:54+09:00",
  "dcterms:modified": "2025-02-13T15:21+09:00",
  "description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n  * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n  * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n  * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n  * Buffer overflow (CWE-120) - CVE-2023-39454\r\n  * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n  * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:elecom:wab-i1750-ps",
      "@product": "WAB-I1750-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:elecom:wab-s1167-ps",
      "@product": "WAB-S1167-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-m1775-ps_firmware",
      "@product": "WAB-M1775-PS firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-m2133_firmware",
      "@product": "WAB-M2133 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s1167_firmware",
      "@product": "WAB-S1167 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s1775_firmware",
      "@product": "WAB-S1775 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s300_firmware",
      "@product": "WAB-S300",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s600-ps_firmware",
      "@product": "WAB-S600-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1167ghbk2_firmware",
      "@product": "WRC-1167GHBK2 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
      "@product": "WRC-1467GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware",
      "@product": "WRC-1467GHBK-S",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk-e_firmware",
      "@product": "WRC-1750GHBK-E firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk2-i_firmware",
      "@product": "WRC-1750GHBK2-I firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk_firmware",
      "@product": "WRC-1750GHBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
      "@product": "WRC-1900GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware",
      "@product": "WRC-1900GHBK-S",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
      "@product": "WRC-600GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
      "@product": "WRC-733FEBK2-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
      "@product": "WRC-F1167ACF2",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f1167acf_firmware",
      "@product": "WRC-F1167ACF firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
      "@product": "WRC-X1800GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
      "@product": "WRC-X1800GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
      "@product": "WRC-X1800GSH-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000qs-g",
      "@product": "WRC-X6000QS-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x6000qsa-g",
      "@product": "WRC-X6000QSA-G",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware",
      "@product": "LAN-W300N/DR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware",
      "@product": "LAN-W300N/PR5",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fp_firmware",
      "@product": "LAN-W300N/P firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware",
      "@product": "LAN-W300N/RS firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w451ngr_firmware",
      "@product": "LAN-W451NGR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware",
      "@product": "LAN-WH300AN/DGP",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300andgpe_firmware",
      "@product": "LAN-WH300ANDGPE",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fdgp_firmware",
      "@product": "LAN-WH300N/DGP firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware",
      "@product": "LAN-WH300N/DR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware",
      "@product": "LAN-WH300N/RE",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware",
      "@product": "LAN-WH450N/GP",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-002797",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html",
      "@id": "JVNVU#91630351",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626",
      "@id": "CVE-2023-32626",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991",
      "@id": "CVE-2023-35991",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132",
      "@id": "CVE-2023-38132",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576",
      "@id": "CVE-2023-38576",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445",
      "@id": "CVE-2023-39445",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454",
      "@id": "CVE-2023-39454",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455",
      "@id": "CVE-2023-39455",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944",
      "@id": "CVE-2023-39944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069",
      "@id": "CVE-2023-40069",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072",
      "@id": "CVE-2023-40072",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626",
      "@id": "CVE-2023-32626",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991",
      "@id": "CVE-2023-35991",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132",
      "@id": "CVE-2023-38132",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576",
      "@id": "CVE-2023-38576",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445",
      "@id": "CVE-2023-39445",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454",
      "@id": "CVE-2023-39454",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455",
      "@id": "CVE-2023-39455",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944",
      "@id": "CVE-2023-39944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069",
      "@id": "CVE-2023-40069",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40072",
      "@id": "CVE-2023-40072",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/912.html",
      "@id": "CWE-912",
      "@title": "Hidden Functionality(CWE-912)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices"
}

CVE-2023-35991 (GCVE-0-2023-35991)

Vulnerability from cvelistv5

Published

2023-08-18 09:37

Modified

2024-10-21 20:26

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Hidden Functionality

Summary

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

LOGITEC CORPORATION

LAN-W300N/DR

Version: all versions

LOGITEC CORPORATION	LAN-WH300N/DR	Version: all versions
LOGITEC CORPORATION	LAN-W300N/P	Version: all versions
LOGITEC CORPORATION	LAN-WH450N/GP	Version: all versions
LOGITEC CORPORATION	LAN-WH300AN/DGP	Version: all versions
LOGITEC CORPORATION	LAN-WH300N/DGP	Version: all versions
LOGITEC CORPORATION	LAN-WH300ANDGPE	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:37:40.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-wh450n\\/gp_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-35991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T20:16:01.788562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T20:26:02.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-W300N/DR",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300N/DR",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-W300N/P",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH450N/GP",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300AN/DGP",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300N/DGP",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300ANDGPE",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:37:37.744Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-35991",
    "datePublished": "2023-08-18T09:37:37.744Z",
    "dateReserved": "2023-08-09T11:54:58.462Z",
    "dateUpdated": "2024-10-21T20:26:02.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38576 (GCVE-0-2023-38576)

Vulnerability from cvelistv5

Published

2023-08-18 09:39

Modified

2024-10-08 14:53

Severity ?

CWE

Hidden Functionality

Summary

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

	Vendor	Product	Version
	LOGITEC CORPORATION	LAN-WH300N/RE	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:46:56.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:logitec:lan-wh300n_re:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-wh300n_re",
            "vendor": "logitec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38576",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:51:23.871003Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:53:29.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-WH300N/RE",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:39:29.926Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-38576",
    "datePublished": "2023-08-18T09:39:29.926Z",
    "dateReserved": "2023-08-09T11:54:54.852Z",
    "dateUpdated": "2024-10-08T14:53:29.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40069 (GCVE-0-2023-40069)

Vulnerability from cvelistv5

Published

2023-08-18 09:44

Modified

2024-10-08 19:14

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

OS command injection

Summary

OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

ELECOM CO.,LTD.

WRC-F1167ACF

Version: all versions

ELECOM CO.,LTD.	WRC-1750GHBK	Version: all versions
ELECOM CO.,LTD.	WRC-1167GHBK2	Version: all versions
ELECOM CO.,LTD.	WRC-1750GHBK2-I	Version: all versions
ELECOM CO.,LTD.	WRC-1750GHBK-E	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:elecom:wrc-f1167acf_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-f1167acf_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-1750ghbk_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:elecom:wrc-1167ghbk2_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-1167ghbk2_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:elecom:wrc-1750ghbk2-i_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-1750ghbk2-i_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:elecom:wrc-1750ghbk-e_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-1750ghbk-e_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-40069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T18:55:06.435949Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T19:14:06.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRC-F1167ACF",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1750GHBK",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1167GHBK2",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1750GHBK2-I",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1750GHBK-E",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:44:43.138Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-40069",
    "datePublished": "2023-08-18T09:44:43.138Z",
    "dateReserved": "2023-08-09T11:54:57.640Z",
    "dateUpdated": "2024-10-08T19:14:06.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39454 (GCVE-0-2023-39454)

Vulnerability from cvelistv5

Published

2023-08-18 09:41

Modified

2025-07-03 14:02

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer overflow

Summary

Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230711-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

ELECOM CO.,LTD.

WRC-X1800GS-B

Version: v1.13 and earlier

ELECOM CO.,LTD.	WRC-X1800GSA-B	Version: v1.13 and earlier
ELECOM CO.,LTD.	WRC-X1800GSH-B	Version: v1.13 and earlier
ELECOM CO.,LTD.	WRC-X6000QS-G	Version: v1.13 and earlier
ELECOM CO.,LTD.	WRC-X6000QSA-G	Version: v1.13 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:20.682Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-x1800gs-b",
            "vendor": "elecom",
            "versions": [
              {
                "lessThan": "1.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-x1800gsa-b",
            "vendor": "elecom",
            "versions": [
              {
                "lessThan": "1.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc-x1800gsh-b",
            "vendor": "elecom",
            "versions": [
              {
                "lessThan": "1.13",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39454",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-03T14:02:33.925181Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-03T14:02:46.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRC-X1800GS-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.13 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X1800GSA-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.13 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X1800GSH-B",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.13 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X6000QS-G",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.13 and earlier"
            }
          ]
        },
        {
          "product": "WRC-X6000QSA-G",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.13 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-17T05:39:37.805Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230711-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-39454",
    "datePublished": "2023-08-18T09:41:14.665Z",
    "dateReserved": "2023-08-09T11:55:02.234Z",
    "dateUpdated": "2025-07-03T14:02:46.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39944 (GCVE-0-2023-39944)

Vulnerability from cvelistv5

Published

2023-08-18 09:43

Modified

2024-10-08 14:37

Severity ?

CWE

OS command injection

Summary

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

ELECOM CO.,LTD.

WRC-F1167ACF

Version: all versions

ELECOM CO.,LTD.

WRC-1750GHBK

Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:18:10.175Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:elecom:wrc_f1167acf:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc_f1167acf",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:elecom:wrc_1750ghbk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wrc_1750ghbk",
            "vendor": "elecom",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39944",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:33:00.530335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:37:06.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRC-F1167ACF",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1750GHBK",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:43:35.233Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-39944",
    "datePublished": "2023-08-18T09:43:35.233Z",
    "dateReserved": "2023-08-09T11:54:55.787Z",
    "dateUpdated": "2024-10-08T14:37:06.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-38132 (GCVE-0-2023-38132)

Vulnerability from cvelistv5

Published

2023-08-18 09:38

Modified

2024-10-08 14:58

Severity ?

CWE

Improper access control

Summary

LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

	Vendor	Product	Version
	LOGITEC CORPORATION	LAN-W451NGR	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:30:14.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:logitec:lan-w451ngr:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-w451ngr",
            "vendor": "logitec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:54:18.343015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:58:09.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-W451NGR",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:38:31.606Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-38132",
    "datePublished": "2023-08-18T09:38:31.606Z",
    "dateReserved": "2023-08-09T11:55:01.344Z",
    "dateUpdated": "2024-10-08T14:58:09.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39445 (GCVE-0-2023-39445)

Vulnerability from cvelistv5

Published

2023-08-18 09:40

Modified

2024-10-08 15:11

Severity ?

CWE

Hidden Functionality

Summary

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

	Vendor	Product	Version
	LOGITEC CORPORATION	LAN-WH300N/RE	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:20.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:logitec:lan-wh300n_re:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-wh300n_re",
            "vendor": "logitec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:47:13.849174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T15:11:13.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-WH300N/RE",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:40:17.145Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-39445",
    "datePublished": "2023-08-18T09:40:17.145Z",
    "dateReserved": "2023-08-09T11:54:56.682Z",
    "dateUpdated": "2024-10-08T15:11:13.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32626 (GCVE-0-2023-32626)

Vulnerability from cvelistv5

Published

2023-08-18 09:36

Modified

2024-10-08 15:05

Severity ?

CWE

Hidden Functionality

Summary

Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

LOGITEC CORPORATION

LAN-W300N/RS

Version: all versions

LOGITEC CORPORATION

LAN-W300N/PR5

Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:logitec:lan-w300n\\/rs:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-w300n\\/rs",
            "vendor": "logitec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:logitec:lan_w300n_pr5:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan_w300n_pr5",
            "vendor": "logitec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32626",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T15:01:06.385485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T15:05:09.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-W300N/RS",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-W300N/PR5",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:36:26.714Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-32626",
    "datePublished": "2023-08-18T09:36:26.714Z",
    "dateReserved": "2023-08-09T11:54:54.055Z",
    "dateUpdated": "2024-10-08T15:05:09.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39455 (GCVE-0-2023-39455)

Vulnerability from cvelistv5

Published

2023-08-18 09:42

Modified

2024-08-02 18:10

Severity ?

CWE

OS command injection

Summary

OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

ELECOM CO.,LTD.

WRC-600GHBK-A

Version: all versions

ELECOM CO.,LTD.	WRC-1467GHBK-A	Version: all versions
ELECOM CO.,LTD.	WRC-1900GHBK-A	Version: all versions
ELECOM CO.,LTD.	WRC-733FEBK2-A	Version: all versions
ELECOM CO.,LTD.	WRC-F1167ACF2	Version: all versions
ELECOM CO.,LTD.	WRC-1467GHBK-S	Version: all versions
ELECOM CO.,LTD.	WRC-1900GHBK-S	Version: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:20.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WRC-600GHBK-A",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1467GHBK-A",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1900GHBK-A",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-733FEBK2-A",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-F1167ACF2",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1467GHBK-S",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WRC-1900GHBK-S",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:42:19.491Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-39455",
    "datePublished": "2023-08-18T09:42:19.491Z",
    "dateReserved": "2023-08-09T11:55:00.303Z",
    "dateUpdated": "2024-08-02T18:10:20.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-40072 (GCVE-0-2023-40072)

Vulnerability from cvelistv5

Published

2023-08-18 09:45

Modified

2025-07-03 14:01

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

OS command injection

Summary

OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

References

URL

Tags

	https://www.elecom.co.jp/news/security/20231114-01/
	https://www.elecom.co.jp/news/security/20230810-01/
	https://jvn.jp/en/vu/JVNVU91630351/

Impacted products

Vendor

Product

Version

ELECOM CO.,LTD.

WAB-S600-PS

Version: all versions

ELECOM CO.,LTD.	WAB-S300	Version: all versions
ELECOM CO.,LTD.	WAB-S1775	Version: v1.1.9 and earlier
ELECOM CO.,LTD.	WAB-M1775-PS	Version: v1.1.21 and earlier
ELECOM CO.,LTD.	WAB-S1167	Version: v1.0.7 and earlier
ELECOM CO.,LTD.	WAB-M2133	Version: v1.3.22 and earlier
ELECOM CO.,LTD.	WAB-I1750-PS	Version: v1.5.10 and earlier
ELECOM CO.,LTD.	WAB-S1167-PS	Version: v1.5.6 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:24:55.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20231114-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-40072",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-03T13:59:50.488318Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-03T14:01:25.610Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WAB-S600-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WAB-S300",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "WAB-S1775",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.1.9 and earlier"
            }
          ]
        },
        {
          "product": "WAB-M1775-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.1.21 and earlier"
            }
          ]
        },
        {
          "product": "WAB-S1167",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.0.7 and earlier"
            }
          ]
        },
        {
          "product": "WAB-M2133",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.3.22 and earlier"
            }
          ]
        },
        {
          "product": "WAB-I1750-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.5.10 and earlier"
            }
          ]
        },
        {
          "product": "WAB-S1167-PS",
          "vendor": "ELECOM CO.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "v1.5.6 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OS command injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-09T06:39:59.937Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20231114-01/"
        },
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-40072",
    "datePublished": "2023-08-18T09:45:31.201Z",
    "dateReserved": "2023-08-09T11:54:59.361Z",
    "dateUpdated": "2025-07-03T14:01:25.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

jvndb-2023-002797

Vulnerability from jvndb

CVE-2023-35991 (GCVE-0-2023-35991)

Vulnerability from cvelistv5

CVE-2023-38576 (GCVE-0-2023-38576)

Vulnerability from cvelistv5

CVE-2023-40069 (GCVE-0-2023-40069)

Vulnerability from cvelistv5

CVE-2023-39454 (GCVE-0-2023-39454)

Vulnerability from cvelistv5

CVE-2023-39944 (GCVE-0-2023-39944)

Vulnerability from cvelistv5

CVE-2023-38132 (GCVE-0-2023-38132)

Vulnerability from cvelistv5

CVE-2023-39445 (GCVE-0-2023-39445)

Vulnerability from cvelistv5

CVE-2023-32626 (GCVE-0-2023-32626)

Vulnerability from cvelistv5

CVE-2023-39455 (GCVE-0-2023-39455)

Vulnerability from cvelistv5

CVE-2023-40072 (GCVE-0-2023-40072)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature