CVE-2023-38576
https://notcve.org/view.php?id=CVE-2023-38576
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un usuario autenticado ejecutar comandos arbitrarios del sistema operativo en una determinada consola de gestión. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-38132
https://notcve.org/view.php?id=CVE-2023-38132
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. LAN-W451NGR todas las versiones proporcionadas por LOGITEC CORPORATION contiene una vulnerabilidad de control de acceso inadecuado, que permite a un atacante no autenticado iniciar sesión en el servicio telnet. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-284: Improper Access Control •
CVE-2023-35991
https://notcve.org/view.php?id=CVE-2023-35991
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 •
CVE-2023-32626
https://notcve.org/view.php?id=CVE-2023-32626
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. La vulnerabilidad de funcionalidad oculta en LAN-W300N/RS todas las versiones, y LAN-W300N/PR5 todas las versiones permite a un atacante no autenticado iniciar sesión en la consola de gestión determinada del producto y ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU91630351 https://www.elecom.co.jp/news/security/20230810-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-37565
https://notcve.org/view.php?id=CVE-2023-37565
Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01 • CWE-94: Improper Control of Generation of Code ('Code Injection') •