CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que un atacante no autenticado adyacente a la red adivine la clave de cifrado utilizada para la comunicación LAN inalámbrica e intercepte la comunicación. • https://github.com/sharmashreejaa/CVE-2023-43757 https://jvn.jp/en/vu/JVNVU94119876 https://www.elecom.co.jp/news/security/20210706-01 https://www.elecom.co.jp/news/security/20230810-01 https://www.elecom.co.jp/news/security/20231114-01 • CWE-326: Inadequate Encryption Strength •
CVE-2023-32626
https://notcve.org/view.php?id=CVE-2023-32626
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. La vulnerabilidad de funcionalidad oculta en LAN-W300N/RS todas las versiones, y LAN-W300N/PR5 todas las versiones permite a un atacante no autenticado iniciar sesión en la consola de gestión determinada del producto y ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •