ID

VAR-202308-2593


CVE

CVE-2023-40069


TITLE

Multiple vulnerabilities in ELECOM and Logitech network equipment

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797

DESCRIPTION

OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen

Trust: 1.71

sources: NVD: CVE-2023-40069 // JVNDB: JVNDB-2023-002797 // VULMON: CVE-2023-40069

AFFECTED PRODUCTS

vendor:elecommodel:wrc-1750ghbk-escope:eqversion:*

Trust: 1.0

vendor:elecommodel:wrc-1750ghbk2-iscope:eqversion:*

Trust: 1.0

vendor:elecommodel:wrc-f1167acfscope:eqversion:*

Trust: 1.0

vendor:elecommodel:wrc-1750ghbkscope:eqversion:*

Trust: 1.0

vendor:elecommodel:wrc-1167ghbk2scope:eqversion:*

Trust: 1.0

vendor:エレコム株式会社model:wab-i1750-psscope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-w451ngrscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1750ghbkscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1750ghbk-escope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-s1167-psscope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-wh300n/rescope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-m1775-psscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-m2133scope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-wh300andgpescope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-w300n/rsscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1900ghbk-sscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1900ghbk-ascope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-s1775scope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-w300n/drscope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-wh450n/gpscope:eqversion:all s (cve-2023-35991)

Trust: 0.8

vendor:エレコム株式会社model:wrc-1467ghbk-sscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1467ghbk-ascope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-w300n/pscope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-wh300n/drscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-f1167acfscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1750ghbk2-iscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-x1800gsa-bscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-f1167acf2scope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-x1800gsh-bscope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-w300n/pr5scope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-600ghbk-ascope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-733febk2-ascope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-wh300n/dgpscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-s1167scope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-1167ghbk2scope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wrc-x1800gs-bscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-s600-psscope: - version: -

Trust: 0.8

vendor:ロジテック株式会社model:lan-wh300an/dgpscope: - version: -

Trust: 0.8

vendor:エレコム株式会社model:wab-s300scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-40069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-40069
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-40069
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2023-002797
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-40069
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002797
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-40069 // NVD: CVE-2023-40069

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

problemtype: Unpublished features (CWE-912) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-40069

PATCH

title:wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.url:https://www.elecom.co.jp/news/security/

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797

EXTERNAL IDS

db:NVDid:CVE-2023-40069

Trust: 2.7

db:JVNid:JVNVU91630351

Trust: 1.9

db:JVNDBid:JVNDB-2023-002797

Trust: 0.8

db:VULMONid:CVE-2023-40069

Trust: 0.1

sources: VULMON: CVE-2023-40069 // JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-40069

REFERENCES

url:https://jvn.jp/en/vu/jvnvu91630351/

Trust: 1.1

url:https://www.elecom.co.jp/news/security/20230810-01/

Trust: 1.1

url:http://jvn.jp/vu/jvnvu91630351/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-32626

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-35991

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-38132

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-38576

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-39445

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-39454

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-39455

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-39944

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-40069

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-40072

Trust: 0.8

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-40069 // JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-40069

SOURCES

db:VULMONid:CVE-2023-40069
db:JVNDBid:JVNDB-2023-002797
db:NVDid:CVE-2023-40069

LAST UPDATE DATE

2024-10-09T22:43:21.527000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-40069date:2023-08-18T00:00:00
db:JVNDBid:JVNDB-2023-002797date:2024-08-28T08:03:00
db:NVDid:CVE-2023-40069date:2024-10-08T20:35:05.757

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-40069date:2023-08-18T00:00:00
db:JVNDBid:JVNDB-2023-002797date:2023-08-15T00:00:00
db:NVDid:CVE-2023-40069date:2023-08-18T10:15:12.653