CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 1CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
16 Nov 2023 — Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que ... • https://github.com/sharmashreejaa/CVE-2023-43757 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37565
https://notcve.org/view.php?id=CVE-2023-37565
13 Jul 2023 — Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37564
https://notcve.org/view.php?id=CVE-2023-37564
13 Jul 2023 — OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-37563
https://notcve.org/view.php?id=CVE-2023-37563
13 Jul 2023 — ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S ... • https://jvn.jp/en/jp/JVN05223215 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37568
https://notcve.org/view.php?id=CVE-2023-37568
13 Jul 2023 — ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. • https://jvn.jp/en/vu/JVNVU91850798 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •