Sensitive Information Exposure in ELECOM Wireless LAN Routers
CVE-2023-37563

6.5MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-1167ghbk-s; Wrc-1167gebk-s; Wrc-1167febk-s; Wrc-1167ghbk3-a
Vendor: CVE Published:; 13 July 2023

Summary

ELECOM wireless LAN routers are susceptible to a vulnerability that can lead to the exposure of sensitive information. This flaw allows unauthorized attackers on the same network to access confidential data, potentially leading to further exploitation. Various models, including WRC-1167 and WRC-1900, have been identified as at risk, particularly those running specific unsupported firmware versions. Users are urged to check their router firmware and apply necessary updates.

Affected Version(s)

WRC-1167FEBK-A v1.18 and earlier

WRC-1167FEBK-S v1.04 and earlier

WRC-1167GEBK-S v1.03 and earlier

References

https://www.elecom.co.jp/news/security/20230810-01/

https://www.elecom.co.jp/news/security/20230711-01/

https://jvn.jp/en/jp/JVN05223215/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Jul 7, 2023