CVE-2023-37561

Summary

Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRH-300WH-Hv2.12 and earlieraffected
ELECOM CO.,LTD.WTC-300HWHv1.09 and earlieraffected
ELECOM CO.,LTD.WTC-C1167GC-Bv1.17 and earlieraffected
ELECOM CO.,LTD.WTC-C1167GC-Wv1.17 and earlieraffected

Weaknesses

  • Open Redirect

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References