OS Command Execution Vulnerability in WN-G300R3 Firmware by I-O Data
CVE-2017-2141

7.2HIGH

Key Information:

Vendor: I-o Data Device, Inc.
Status: Wn-g300r3
Vendor: CVE Published:; 28 April 2017

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2017-2141?

The firmware of WN-G300R3 versions prior to 1.03 is susceptible to an OS command execution vulnerability. This flaw enables attackers with administrator privileges to run arbitrary operating system commands through unspecified vectors. This poses significant security risks, allowing potential exploitation of the device's functionalities.

Affected Version(s)

WN-G300R3 firmware Ver.1.03 and earlier

References

http://jvn.jp/en/jp/JVN81024552/index.html

third-party-advisoryx_refsource_JVN

http://www.iodata.jp/support/information/2017/wn-g300r3/

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2017
Vulnerability Reserved
Dec 1, 2016