CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 1CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
16 Nov 2023 — Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que ... • https://github.com/sharmashreejaa/CVE-2023-43757 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-20739
https://notcve.org/view.php?id=CVE-2021-20739
07 Jul 2021 — WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S y WRH-300WH-S, todas las versiones, permiten a un atacante no autenticado adyacente a la red ejecutar un comando arbitrario del sistem... • https://jvn.jp/en/vu/JVNVU94260088/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20649
https://notcve.org/view.php?id=CVE-2021-20649
12 Feb 2021 — ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. ELECOM WRC-300FEBK-S, contiene una vulnerabilidad de comprobación de certificado inapropiada. Mediante un ataque man-in-the-middle, un atacante puede alterar la respuesta de comunicación. • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20648
https://notcve.org/view.php?id=CVE-2021-20648
12 Feb 2021 — ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. ELECOM WRC-300FEBK-S, permite a un atacante con derechos de administrador ejecutar comandos arbitrarios del sistema operativo por medio de vectores no especificados • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20647
https://notcve.org/view.php?id=CVE-2021-20647
12 Feb 2021 — Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. Una vulnerabilidad de tipo cross-site request forgery (CSRF) en ELECOM WRC-300FEBK-S, permite a atacantes remotos secuestrar la autenticación de los administradores y ejecutar una petición arbitraria por medio de un vector no e... • https://jvn.jp/en/jp/JVN47580234/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •