CVE-2023-40069
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ELECOM CO.,LTD. | WRC-F1167ACF | all versions | affected |
| ELECOM CO.,LTD. | WRC-1750GHBK | all versions | affected |
| ELECOM CO.,LTD. | WRC-1167GHBK2 | all versions | affected |
| ELECOM CO.,LTD. | WRC-1750GHBK2-I | all versions | affected |
| ELECOM CO.,LTD. | WRC-1750GHBK-E | all versions | affected |
Weaknesses
- OS command injection
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.