OS Command Injection Vulnerability in Elecom WRC-F1167ACF and WRC-1750GHBK Routers
CVE-2023-39944

8.8HIGH

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-f1167acf; Wrc-1750ghbk
Vendor: CVE Published:; 18 August 2023

Summary

A critical OS command injection flaw has been discovered in Elecom devices, specifically the WRC-F1167ACF and WRC-1750GHBK routers. This vulnerability allows attackers who gain access to the router to execute arbitrary operating system commands by sending specially crafted requests. Immediate action is recommended to mitigate potential security breaches that may arise from this weakness.

Affected Version(s)

WRC-1750GHBK all versions

WRC-F1167ACF all versions

References

https://www.elecom.co.jp/news/security/20230810-01/

https://jvn.jp/en/vu/JVNVU91630351/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 18, 2023
Vulnerability Reserved
Aug 9, 2023