CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under the [References] section. • https://github.com/sharmashreejaa/CVE-2023-43757 https://jvn.jp/en/vu/JVNVU94119876 https://www.elecom.co.jp/news/security/20210706-01 https://www.elecom.co.jp/news/security/20230810-01 https://www.elecom.co.jp/news/security/20231114-01 • CWE-326: Inadequate Encryption Strength •
CVE-2023-37561
https://notcve.org/view.php?id=CVE-2023-37561
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. • https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-37560
https://notcve.org/view.php?id=CVE-2023-37560
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. • https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-20739
https://notcve.org/view.php?id=CVE-2021-20739
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S (all versions) allow an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. • https://jvn.jp/en/vu/JVNVU94260088/index.html https://www.elecom.co.jp/news/security/20210706-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •