Arbitrary Command Execution Vulnerability in WN-AX1167GR Firmware by I-O Data
CVE-2017-2281

8.8HIGH

Key Information:

Vendor: I-o Data Device, Inc.
Status: Wn-ax1167gr
Vendor: CVE Published:; 2 August 2017

🔔 Create I-o Data Device, Inc. Vulnerability Alert

What is CVE-2017-2281?

The firmware of the WN-AX1167GR model by I-O Data contains a vulnerability that allows unauthorized users to execute arbitrary operating system commands. This security flaw can be exploited through unspecified vectors, posing significant risks to the integrity and confidentiality of the affected system. Users of the WN-AX1167GR firmware version 3.00 and earlier are urged to apply necessary security measures to mitigate the potential threats associated with this vulnerability.

Affected Version(s)

WN-AX1167GR firmware version 3.00 and earlier

References

https://jvn.jp/en/jp/JVN01312667/index.html

third-party-advisoryx_refsource_JVN

http://www.iodata.jp/support/information/2017/wn-ax1167gr/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2017
Vulnerability Reserved
Dec 1, 2016