CVE-2023-40072

Summary

OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WAB-S600-PSall versionsaffected
ELECOM CO.,LTD.WAB-S300all versionsaffected
ELECOM CO.,LTD.WAB-S1775v1.1.9 and earlieraffected
ELECOM CO.,LTD.WAB-M1775-PSv1.1.21 and earlieraffected
ELECOM CO.,LTD.WAB-S1167v1.0.7 and earlieraffected
ELECOM CO.,LTD.WAB-M2133v1.3.22 and earlieraffected
ELECOM CO.,LTD.WAB-I1750-PSv1.5.10 and earlieraffected
ELECOM CO.,LTD.WAB-S1167-PSv1.5.6 and earlieraffected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References