
CVSS: 8.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Jul 2023 — ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. • https://jvn.jp/en/vu/JVNVU91850798 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Jul 2023 — Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. • https://jvn.jp/en/vu/JVNVU91850798 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Jul 2023 — Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. • https://jvn.jp/en/vu/JVNVU91850798 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

13 Jul 2023 — Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Jul 2023 — Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. • https://jvn.jp/en/jp/JVN05223215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

11 Apr 2023 — WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. • https://jvn.jp/en/jp/JVN35246979 • CWE-428: Unquoted Search Path or Element •

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

15 Feb 2023 — Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN60263237 • CWE-426: Untrusted Search Path •

CVSS: 8.8 • EPSS: 0% • CPEs: 46 • EXPL: 0

31 Mar 2022 — Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware... • https://jvn.jp/en/jp/JVN88993473 •

CVSS: 5.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

08 Feb 2022 — Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. • https://jvn.jp/en/jp/JVN17482543/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8 • EPSS: 0% • CPEs: 16 • EXPL: 0

08 Feb 2022 — Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. • https://jvn.jp/en/jp/JVN17482543/index.html •