CVE-2023-37566

Summary

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-1167GHBK3-Av1.24 and earlieraffected
ELECOM CO.,LTD.WRC-1167FEBK-Av1.18 and earlieraffected
ELECOM CO.,LTD.WRC-F1167ACF2all versionsaffected
ELECOM CO.,LTD.WRC-600GHBK-Aall versionsaffected
ELECOM CO.,LTD.WRC-733FEBK2-Aall versionsaffected
ELECOM CO.,LTD.WRC-1467GHBK-Aall versionsaffected
ELECOM CO.,LTD.WRC-1900GHBK-Aall versionsaffected
LOGITEC CORPORATIONLAN-W301NRall versionsaffected

Weaknesses

  • Arbitrary command execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References