CVSS: 6.5EPSS: 0%CPEs: 68EXPL: 1CVE-2023-43757
https://notcve.org/view.php?id=CVE-2023-43757
16 Nov 2023 — Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. Vulnerabilidad de fuerza de cifrado inadecuada en múltiples routers proporcionados por ELECOM CO.,LTD. y LOGITEC CORPORATION permite que ... • https://github.com/sharmashreejaa/CVE-2023-43757 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-37561
https://notcve.org/view.php?id=CVE-2023-37561
13 Jul 2023 — Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. • https://jvn.jp/en/jp/JVN05223215 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-37560
https://notcve.org/view.php?id=CVE-2023-37560
13 Jul 2023 — Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. • https://jvn.jp/en/jp/JVN05223215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •