CVE-2023-49695

Summary

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-X3000GSNv1.0.2affected
ELECOM CO.,LTD.WRC-X3000GSv1.0.24 and earlieraffected
ELECOM CO.,LTD.WRC-X3000GSAv1.0.24 and earlieraffected

Weaknesses

  • OS command injection

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References