OS Command Injection Vulnerability in Elecom WRC-X3000GS2 Products
CVE-2023-43752

8HIGH

Key Information:

Vendor: ELECOM CO.,LTD.
Status: WRC-X3000GS2-W; WRC-X3000GS2-B; WRC-X3000GS2A-B
Vendor: CVE Published:; 16 November 2023

Summary

An OS command injection vulnerability exists in the Elecom WRC-X3000GS2 series, specifically affecting WRC-X3000GS2-W, WRC-X3000GS2-B, and WRC-X3000GS2A-B versions prior to v1.05. This flaw enables a network-adjacent authenticated user to execute arbitrary operating system commands through the submission of specially crafted requests, presenting a significant security risk to affected devices. It is essential for users of these products to implement the necessary updates to mitigate this vulnerability.

Affected Version(s)

WRC-X3000GS2-B v1.05 and earlier

WRC-X3000GS2-W v1.05 and earlier

WRC-X3000GS2A-B v1.05 and earlier

References

https://www.elecom.co.jp/news/security/20231114-01/

https://jvn.jp/en/vu/JVNVU94119876/

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2023
Vulnerability Reserved
Oct 31, 2023