CVE-2023-40072
 
0 Exploited in Wild
- Decision
Descriptions
OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier.
OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2023-08-09 CVE Reserved
- 2023-08-18 CVE Published
- 2024-08-24 EPSS Updated
- 2024-09-09 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://jvn.jp/en/vu/JVNVU91630351 | Third Party Advisory | |
https://www.elecom.co.jp/news/security/20231114-01 | | |
URL | Date | SRC |
---|---|---|
https://www.elecom.co.jp/news/security/20230810-01 | 2024-02-28 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Elecom | Wab-s600-ps Firmware | * | - | Affected | in | Elecom | Wab-s600-ps | - | - | Safe |
Elecom | Wab-s300 Firmware | * | - | Affected | in | Elecom | Wab-s300 | - | - | Safe |