JVNDB-2023-006588
|
Multiple vulnerabilities in ELECOM and LOGITEC routers
|
Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-43752
* Inadequate Encryption Strength (CWE-326) - CVE-2023-43757
CVE-2023-43752
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2023-43757
Katsuhiko Sato (a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 6.8 (Medium) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-43752
|
CVSS V3 Severity: Base Metrics 6.5 (Medium) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-43757
|
|
ELECOM CO.,LTD.
- WRC-1167GHBK firmware all versions
- WRC-1167GHBK2 firmware all versions
- WRC-1750GHBK firmware all versions
- WRC-1750GHBK-E firmware all versions
- WRC-1750GHBK2-I firmware all versions
- WRC-2533GHBK-I firmware all versions
- WRC-2533GHBK2-T firmware all versions
- WRC-300FEBK firmware all versions
- WRC-300GHBK firmware all versions
- WRC-300GHBK2-I firmware all versions
- WRC-733FEBK firmware all versions
- WRC-733GHBK firmware all versions
- WRC-733GHBK-C firmware all versions
- WRC-733GHBK-I firmware all versions
- WRC-F1167ACF firmware all versions
- WRC-F300NF firmware all versions
- WRC-X3000GS2-B firmware v1.05 and earlier
- WRC-X3000GS2-W firmware v1.05 and earlier
- WRC-X3000GS2A-B firmware v1.05 and earlier
- WRH-150BK firmware all versions
- WRH-150WH firmware all versions
- WRH-300BK firmware all versions
- WRH-300BK-S firmware all versions
- WRH-300BK2-S firmware all versions
- WRH-300RD firmware all versions
- WRH-300SV firmware all versions
- WRH-300WH firmware all versions
- WRH-300WH-H firmware all versions
- WRH-300WH-S firmware all versions
- WRH-300WH2-S firmware all versions
- WRH-H300BK firmware all versions
- WRH-H300WH firmware all versions
Logitec Corp.
- LAN-W300N/P firmware all versions
- LAN-W300N/RS firmware all versions
- LAN-W301NR firmware all versions
- LAN-WH300N/DGP firmware all versions
- LAN-WH300NDGPE firmware all versions
|
|
* A logged-in user may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-43752
* An attacker who can access the product may guess the encryption key used for the wireless LAN communication and intercept the communication - CVE-2023-43757
|
CVE-2023-43752
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
CVE-2023-43757
[Apply the workaround]
The developer recommends changing the initial Wi-Fi (wireless LAN) encryption key from the default value to a stronger one.
[Stop using the products]
Some vulnerable products are no longer supported. Stop using the products and consider switching to alternative products. For more information, refer to the security advisories released on July 6, 2021 and August 10, 2023 from the developer.
|
ELECOM CO.,LTD.
|
- Inadequate Encryption Strength (CWE-326) [Other]
- OS Command Injection (CWE-78) [Other]
|
- CVE-2023-43752
- CVE-2023-43757
|
- JVN : JVNVU#94119876
- National Vulnerability Database (NVD) : CVE-2023-43752
- National Vulnerability Database (NVD) : CVE-2023-43757
|
- [2023/11/15]
Web page was published
- [2024/04/26]
References : Contents were added
|