Command Injection Vulnerability in ELECOM and LOGITEC Wireless LAN Routers
CVE-2023-37567

9.8CRITICAL

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-1167ghbk3-a; Wrc-f1167acf2; Wrc-600ghbk-a; Wrc-733febk2-a
Vendor: CVE Published:; 13 July 2023

Summary

A command injection vulnerability exists in ELECOM and LOGITEC wireless LAN routers, enabling remote attackers to execute arbitrary commands by sending specially crafted requests to the web management page's specific port. This flaw compromises the devices, allowing unauthorized access and potential manipulation of network functions, affecting multiple router models and versions.

Affected Version(s)

LAN-W301NR all versions

WRC-1167GHBK3-A v1.24 and earlier

WRC-1467GHBK-A all versions

References

https://www.elecom.co.jp/news/security/20230810-01/

https://www.elecom.co.jp/news/security/20230711-01/

https://jvn.jp/en/vu/JVNVU91850798/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Jul 7, 2023