CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37565
https://notcve.org/view.php?id=CVE-2023-37565
13 Jul 2023 — Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37564
https://notcve.org/view.php?id=CVE-2023-37564
13 Jul 2023 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37563
https://notcve.org/view.php?id=CVE-2023-37563
13 Jul 2023 — ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S ... • https://jvn.jp/en/jp/JVN05223215 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37567
https://notcve.org/view.php?id=CVE-2023-37567
13 Jul 2023 — Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. • https://jvn.jp/en/vu/JVNVU91850798 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37566
https://notcve.org/view.php?id=CVE-2023-37566
13 Jul 2023 — Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. • https://jvn.jp/en/vu/JVNVU91850798 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •