CVE-2023-40069

Summary

OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-F1167ACFall versionsaffected
ELECOM CO.,LTD.WRC-1750GHBKall versionsaffected
ELECOM CO.,LTD.WRC-1167GHBK2all versionsaffected
ELECOM CO.,LTD.WRC-1750GHBK2-Iall versionsaffected
ELECOM CO.,LTD.WRC-1750GHBK-Eall versionsaffected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References