CVE-2023-37566
https://notcve.org/view.php?id=CVE-2023-37566
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.
• https://jvn.jp/en/vu/JVNVU91850798 https://www.elecom.co.jp/news/security/20230711-01 https://www.elecom.co.jp/news/security/20230810-01
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-37561
https://notcve.org/view.php?id=CVE-2023-37561
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.
• https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-37560
https://notcve.org/view.php?id=CVE-2023-37560
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
• https://jvn.jp/en/jp/JVN05223215 https://www.elecom.co.jp/news/security/20230711-01
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22282
https://notcve.org/view.php?id=CVE-2023-22282
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service.
• https://jvn.jp/en/jp/JVN35246979 https://www.elecom.co.jp/news/security/20230324-01
• CWE-428: Unquoted Search Path or Element
CVE-2023-22368
https://notcve.org/view.php?id=CVE-2023-22368
Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 and QuickFileDealer Ver.1.2.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
• https://jvn.jp/en/jp/JVN60263237 https://www.elecom.co.jp/news/security/20230214-01
• CWE-426: Untrusted Search Path