CVE-2023-37565
https://notcve.org/view.php?id=CVE-2023-37565
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-37564
https://notcve.org/view.php?id=CVE-2023-37564
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-37563
https://notcve.org/view.php?id=CVE-2023-37563
ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. • https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01 https://www.elecom.co.jp/news/security/20230810-01 •
CVE-2023-37567
https://notcve.org/view.php?id=CVE-2023-37567
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. • https://jvn.jp/en/vu/JVNVU91850798 https://www.elecom.co.jp/news/security/20230711-01 https://www.elecom.co.jp/news/security/20230810-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-37566
https://notcve.org/view.php?id=CVE-2023-37566
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. • https://jvn.jp/en/vu/JVNVU91850798 https://www.elecom.co.jp/news/security/20230711-01 https://www.elecom.co.jp/news/security/20230810-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •