[Japanese]

JVNDB-2023-002797

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Overview

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.

* Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
* Telnet service access restriction failure (CWE-284) - CVE-2023-38132
* Hidden Functionality (CWE-912) - CVE-2023-38576
* Buffer overflow (CWE-120) - CVE-2023-39454
* OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
* OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-32626, CVE-2023-35991, CVE-2023-39445

CVSS V3 Severity:
Base Metrics:8.8 (High) [Other]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38132

CVSS V3 Severity:
Base Metrics:8.8 (High) [Other]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39454

CVSS V3 Severity:
Base Metrics:8.8 (High) [Other]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39944, CVE-2023-40069

CVSS V3 Severity:
Base Metrics:6.8 (Medium) [Other]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-38576

CVSS V3 Severity:
Base Metrics:6.8 (Medium) [Other]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39455, CVE-2023-40072
Affected Products


ELECOM CO.,LTD.
  • WAB-S300 all versions (CVE-2023-40072)
  • WAB-S600-PS all versions (CVE-2023-40072)
  • WRC-1167GHBK2 all versions (CVE-2023-40069)
  • WRC-1467GHBK-A all versions (CVE-2023-39455)
  • WRC-1467GHBK-S all versions (CVE-2023-39455)
  • WRC-1750GHBK all versions (CVE-2023-39944)
  • WRC-1750GHBK all versions (CVE-2023-40069)
  • WRC-1750GHBK-E all versions (CVE-2023-40069)
  • WRC-1750GHBK2-I all versions (CVE-2023-40069)
  • WRC-1900GHBK-A all versions (CVE-2023-39455)
  • WRC-1900GHBK-S all versions (CVE-2023-39455)
  • WRC-600GHBK-A all versions (CVE-2023-39455)
  • WRC-733FEBK2-A all versions (CVE-2023-39455)
  • WRC-F1167ACF all versions (CVE-2023-39944)
  • WRC-F1167ACF all versions (CVE-2023-40069)
  • WRC-F1167ACF2 all versions (CVE-2023-39455)
  • WRC-X1800GS-B v1.13 and earlier (CVE-2023-39454)
  • WRC-X1800GSA-B v1.13 and earlier (CVE-2023-39454)
  • WRC-X1800GSH-B v1.13 and earlier (CVE-2023-39454)
Logitec Corp.
  • LAN-W300N/DR all versions (CVE-2023-35991)
  • LAN-W300N/P all versions (CVE-2023-35991)
  • LAN-W300N/PR5 all versions (CVE-2023-32626)
  • LAN-W451NGR all versions (CVE-2023-38132)
  • LAN-WH300AN/DGP all versions (CVE-2023-35991)
  • LAN-WH300ANDGPE all versions (CVE-2023-35991)
  • LAN-WH300N/DGP all versions (CVE-2023-35991)
  • LAN-WH300N/DR all versions (CVE-2023-35991)
  • LAN-WH300N/RE all versions (CVE-2023-38576, CVE-2023-39445)
  • LAN-WH450N/GP all versions (CVE-2023-35991)
  • LAN-W300N/RS all versions (CVE-2023-32626)

Impact

* An unauthenticated attacker may log in to the product's certain management console and execute arbitrary OS commands - CVE-2023-32626, CVE-2023-35991
* An unauthenticated attacker may log in to telnet service - CVE-2023-38132
* An authenticated user may execute arbitrary OS commands on a certain management console - CVE-2023-38576
* An unauthenticated attacker may execute arbitrary code by sending a specially crafted file to the product's certain management console - CVE-2023-39445
* An unauthenticated attacker may execute arbitrary code - CVE-2023-39454
* An authenticated user may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39455, CVE-2023-40072
* An attacker who can access the product may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39944, CVE-2023-40069
Solution

[Update the firmware]
For WRC-X1800GS-B, WRC-X1800GSA-B, and WRC-X1800GSH-B, update the firmware to the latest version according to the information provided by the developer.

[Apply the workaround]
For WAB-S600-PS and WAB-S300, applying the following workarounds may mitigate the impact of CVE-2023-40072 issue.

* Change the setting page's login password
* Do not access other websites while logged in to the setting page
* Close the web browser after finishing operations on the setting page
* Delete the password for the setting page saved in the web browser

[Stop using the products]
According to the developer, the rest of the affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.
Vendor Information

ELECOM CO.,LTD.
CWE (What is CWE?)

  1. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) [Other]
  2. Improper Access Control(CWE-284) [Other]
  3. OS Command Injection(CWE-78) [Other]
  4. Hidden Functionality(CWE-912) [Other]
CVE (What is CVE?)

  1. CVE-2023-32626
  2. CVE-2023-35991
  3. CVE-2023-38132
  4. CVE-2023-38576
  5. CVE-2023-39445
  6. CVE-2023-39454
  7. CVE-2023-39455
  8. CVE-2023-39944
  9. CVE-2023-40069
  10. CVE-2023-40072
References

  1. JVN : JVNVU#91630351
Revision History

  • [2023/08/15]
      Web page was published

Date Public2023/08/10
Date First Published2023/08/15
Date Last Updated2023/08/15