CVE-2023-37566

Published: Jul 13, 2023

Modified: Nov 6, 2024

PUBLISHED

Description

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Vendor	Product	Versions
ELECOM CO.,LTD.	WRC-1167GHBK3-A	affected `v1.24 and earlier`
ELECOM CO.,LTD.	WRC-1167FEBK-A	affected `v1.18 and earlier`
ELECOM CO.,LTD.	WRC-F1167ACF2	affected `all versions`
ELECOM CO.,LTD.	WRC-600GHBK-A	affected `all versions`
ELECOM CO.,LTD.	WRC-733FEBK2-A	affected `all versions`
ELECOM CO.,LTD.	WRC-1467GHBK-A	affected `all versions`
ELECOM CO.,LTD.	WRC-1900GHBK-A	affected `all versions`
LOGITEC CORPORATION	LAN-W301NR	affected `all versions`

References

https://www.elecom.co.jp/news/security/20230810-01/

https://www.elecom.co.jp/news/security/20230711-01/

https://jvn.jp/en/vu/JVNVU91850798/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-37566

Description

Affected Products

References