CVE-2023-37565 - OpenCVE

Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Elecom	Wrc-1167febk-a Firmware Wrc-1167ghbk3-a Firmware Wrc-1167gebk-s Firmware Wrc-1167ghbk-s Wrc-1167febk-s Firmware Wrc-1167febk-s Wrc-1167ghbk3-a Wrc-1167febk-a Wrc-1167ghbk-s Firmware Wrc-1167gebk-s

Configuration 1 [-]

AND

cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/jp/JVN05223215/	Third Party Advisory
https://www.elecom.co.jp/news/security/20230711-01/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-07-13T03:04:25.910Z

Updated: 2023-07-13T03:04:25.910Z

Reserved: 2023-07-07T08:46:11.999Z

Link: CVE-2023-37565

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-13T04:15:10.303

Modified: 2023-07-25T14:50:48.460

Link: CVE-2023-37565

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "73FE02E7-2700-4C34-8DA7-F04040ABD427", "versionEndIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EA23990-CAE0-4EDE-8355-530CB0D72288", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D15FBA3F-C309-4B24-B4B0-FF271DC24681", "versionEndIncluding": "1.03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "1840F3EA-A2F1-4E0D-A179-A0141BDA1760", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7200E9A-0713-461F-AD6D-03151D62F0B0", "versionEndIncluding": "1.04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7EF5A7C-3EEA-4592-A25C-E254DF703FFF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDA47F4E-73D6-4F96-8EF4-8896701F6990", "versionEndIncluding": "1.24", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6248727-0D48-44DA-A44A-87FD71ECEDA6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FA6AB13-9CBF-46A1-89E8-1D341E6FBE03", "versionEndIncluding": "1.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F6BA0C4-7C5C-4BF3-A268-4978590041E6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."}], "id": "CVE-2023-37565", "lastModified": "2023-07-25T14:50:48.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-13T04:15:10.303", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN05223215/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20230711-01/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}