CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que un atacante no autenticado adyacente a la red adivine la clave de cifrado utilizada para la comunicación LAN inalámbrica e intercepte la comunicación. • https://github.com/sharmashreejaa/CVE-2023-43757 https://jvn.jp/en/vu/JVNVU94119876 https://www.elecom.co.jp/news/security/20210706-01 https://www.elecom.co.jp/news/security/20230810-01 https://www.elecom.co.jp/news/security/20231114-01 • CWE-326: Inadequate Encryption Strength •
CVE-2021-20858
https://notcve.org/view.php?id=CVE-2021-20858
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de cross-site scripting en el router ELECOM LAN firmware WRC-2533GHBK-I versiones v1.20 y anteriores, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN88993473/index.html https://www.elecom.co.jp/news/security/20211130-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-20857
https://notcve.org/view.php?id=CVE-2021-20857
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Una vulnerabilidad de tipo cross-site scripting en el router ELECOM LAN firmware WRC-2533GHBK-I versiones v1.20 y anteriores, permite a un atacante remoto autenticado inyectar un script arbitrario por medio de vectores no especificados • https://jvn.jp/en/jp/JVN88993473/index.html https://www.elecom.co.jp/news/security/20211130-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •