CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-39454
https://notcve.org/view.php?id=CVE-2023-39454
18 Aug 2023 — Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. La vulnerabilidad de desbordamiento del búfer en WRC-X1800GS-B v1.13 y anteriores, WRC-X1800GSA-B v1.13 y anteriores, y WRC-X1800GSH-B v1.13 y anteriores permite a un atacante no autenticado ejecutar código arbitrario. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-39445
https://notcve.org/view.php?id=CVE-2023-39445
18 Aug 2023 — Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un atacante no autenticado ejecutar código arbitrario enviando un archivo especialmente diseñado a la consola de gestión determinada del producto... • https://jvn.jp/en/vu/JVNVU91630351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38576
https://notcve.org/view.php?id=CVE-2023-38576
18 Aug 2023 — Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un usuario autenticado ejecutar comandos arbitrarios del sistema operativo en una determinada consola de gestión. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38132
https://notcve.org/view.php?id=CVE-2023-38132
18 Aug 2023 — LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. LAN-W451NGR todas las versiones proporcionadas por LOGITEC CORPORATION contiene una vulnerabilidad de control de acceso inadecuado, que permite a un atacante no autenticado iniciar sesión en el servicio telnet. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-35991
https://notcve.org/view.php?id=CVE-2023-35991
18 Aug 2023 — Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. • https://jvn.jp/en/vu/JVNVU91630351 •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32626
https://notcve.org/view.php?id=CVE-2023-32626
18 Aug 2023 — Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. La vulnerabilidad de funcionalidad oculta en LAN-W300N/RS todas las versiones, y LAN-W300N/PR5 todas las versiones permite a un atacante no autenticado iniciar sesión en la consola de gestión determinada del producto y ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/vu/JVNVU91630351 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37565
https://notcve.org/view.php?id=CVE-2023-37565
13 Jul 2023 — Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37564
https://notcve.org/view.php?id=CVE-2023-37564
13 Jul 2023 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37563
https://notcve.org/view.php?id=CVE-2023-37563
13 Jul 2023 — ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S ... • https://jvn.jp/en/jp/JVN05223215 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37562
https://notcve.org/view.php?id=CVE-2023-37562
13 Jul 2023 — Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. • https://jvn.jp/en/jp/JVN05223215 • CWE-352: Cross-Site Request Forgery (CSRF) •