JVNDB-2023-002797
Multiple vulnerabilities in ELECOM and LOGITEC network devices

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
* Telnet service access restriction failure (CWE-284) - CVE-2023-38132
* Hidden Functionality (CWE-912) - CVE-2023-38576
* Buffer overflow (CWE-120) - CVE-2023-39454
* OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
* OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS V3 Severity: Base Metrics 8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 5.8 (Medium) [NVD Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-32626, CVE-2023-35991 and CVE-2023-39445.

CVSS V3 Severity: Base Metrics 8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned for CVE-2023-38132.

CVSS V3 Severity: Base Metrics 8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned for CVE-2023-39454.

CVSS V3 Severity: Base Metrics 8.8 (High) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39944 and CVE-2023-40069.

CVSS V3 Severity: Base Metrics 6.8 (Medium) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned for CVE-2023-38576.

CVSS V3 Severity: Base Metrics 6.8 (Medium) [Other]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-39455 and CVE-2023-40072.

ELECOM CO.,LTD.
- WAB-I1750-PS v1.5.10 and earlier
- WAB-S1167-PS v1.5.6 and earlier
- WAB-M1775-PS firmware v1.1.21 and earlier (CVE-2023-40072)
- WAB-M2133 firmware v1.3.22 and earlier (CVE-2023-40072)
- WAB-S1167 firmware v1.0.7 and earlier (CVE-2023-40072)
- WAB-S1775 firmware v1.1.9 and earlier (CVE-2023-40072)
- WAB-S300 all versions (CVE-2023-40072)
- WAB-S600-PS all versions (CVE-2023-40072)
- WRC-1167GHBK2 firmware all versions (CVE-2023-40069)
- WRC-1467GHBK-A all versions (CVE-2023-39455)
- WRC-1467GHBK-S all versions (CVE-2023-39455)
- WRC-1750GHBK firmware all versions (CVE-2023-39944)
- WRC-1750GHBK firmware all versions (CVE-2023-40069)
- WRC-1750GHBK-E firmware all versions (CVE-2023-40069)
- WRC-1750GHBK2-I firmware all versions (CVE-2023-40069)
- WRC-1900GHBK-A all versions (CVE-2023-39455)
- WRC-1900GHBK-S all versions (CVE-2023-39455)
- WRC-600GHBK-A all versions (CVE-2023-39455)
- WRC-733FEBK2-A all versions (CVE-2023-39455)
- WRC-F1167ACF firmware all versions (CVE-2023-39944)
- WRC-F1167ACF firmware all versions (CVE-2023-40069)
- WRC-F1167ACF2 all versions (CVE-2023-39455)
- WRC-X1800GS-B v1.13 and earlier (CVE-2023-39454)
- WRC-X1800GSA-B v1.13 and earlier (CVE-2023-39454)
- WRC-X1800GSH-B v1.13 and earlier (CVE-2023-39454)
Logitec Corp.
- LAN-W300N/DR all versions (CVE-2023-35991)
- LAN-W300N/P firmware all versions (CVE-2023-35991)
- LAN-W300N/PR5 all versions (CVE-2023-32626)
- LAN-W300N/RS firmware all versions (CVE-2023-32626)
- LAN-W451NGR all versions (CVE-2023-38132)
- LAN-WH300AN/DGP all versions (CVE-2023-35991)
- LAN-WH300ANDGPE all versions (CVE-2023-35991)
- LAN-WH300N/DGP firmware all versions (CVE-2023-35991)
- LAN-WH300N/DR all versions (CVE-2023-35991)
- LAN-WH300N/RE all versions (CVE-2023-38576, CVE-2023-39445)
- LAN-WH450N/GP all versions (CVE-2023-35991)

* An unauthenticated attacker may log in to a certain management console of the product and execute arbitrary OS commands - CVE-2023-32626, CVE-2023-35991
* An unauthenticated attacker may log in to the telnet service - CVE-2023-38132
* An authenticated user may execute arbitrary OS commands on a certain management console - CVE-2023-38576
* An unauthenticated attacker may execute arbitrary code by sending a specially crafted file to a certain management console of the product - CVE-2023-39445
* An unauthenticated attacker may execute arbitrary code - CVE-2023-39454
* An authenticated user may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39455, CVE-2023-40072
* An attacker who can access the product may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39944, CVE-2023-40069

[Update the firmware]
For WRC-X1800GS-B, WRC-X1800GSA-B, WRC-X1800GSH-B, WAB-M1775-PS, WAB-S1775, WAB-S1167, WAB-M2133, WAB-I1750-PS, and WAB-S1167-PS, update the firmware to the latest version according to the information provided by the developer.
[Apply the workaround]
For WAB-S600-PS and WAB-S300, applying the following workarounds may mitigate the impact of CVE-2023-40072.
* Change the setting page's login password
* Do not access other websites while logged in to the setting page
* Close the web browser after finishing operations on the setting page
* Delete the password for the setting page saved in the web browser
[Stop using the products]
According to the developer, the rest of the affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

ELECOM CO.,LTD.

- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) [Other]
- Improper Access Control(CWE-284) [Other]
- OS Command Injection(CWE-78) [Other]
- Hidden Functionality(CWE-912) [Other]
- CVE-2023-32626
- CVE-2023-35991
- CVE-2023-38132
- CVE-2023-38576
- CVE-2023-39445
- CVE-2023-39454
- CVE-2023-39455
- CVE-2023-39944
- CVE-2023-40069
- CVE-2023-40072
- JVN : JVNVU#91630351
- National Vulnerability Database (NVD) : CVE-2023-32626
- National Vulnerability Database (NVD) : CVE-2023-35991
- National Vulnerability Database (NVD) : CVE-2023-38132
- National Vulnerability Database (NVD) : CVE-2023-38576
- National Vulnerability Database (NVD) : CVE-2023-39445
- National Vulnerability Database (NVD) : CVE-2023-39454
- National Vulnerability Database (NVD) : CVE-2023-39455
- National Vulnerability Database (NVD) : CVE-2023-39944
- National Vulnerability Database (NVD) : CVE-2023-40069
- National Vulnerability Database (NVD) : CVE-2023-40072
- [2023/08/15]
Web page was published
- [2023/11/16]
Affected Products : Products were added
Vendor Information : Content was added
Solution was modified
- [2024/01/24]
Affected Products : Product was added
Solution was modified
- [2024/02/22]
CVSS Severity was modified
Affected Products : Product was added
Vendor Information : Content was modified
Solution was modified
References : Contents were added
- [2024/08/29]
Vendor Information : Contents were added
Solution was modified
Affected Products : Products were added