CVE-2023-39944 - OpenCVE

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Elecom	Wrc-1750ghbk Wrc-f1167acf Firmware Wrc-f1167acf Wrc-1750ghbk Firmware

Configuration 1 [-]

AND

cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/vu/JVNVU91630351/	Third Party Advisory
https://www.elecom.co.jp/news/security/20230810-01/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2023-08-18T09:43:35.233Z

Updated: 2023-08-18T09:43:35.233Z

Reserved: 2023-08-09T11:54:55.787Z

Link: CVE-2023-39944

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-18T10:15:12.403

Modified: 2023-08-23T16:47:51.790

Link: CVE-2023-39944

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0233A6C1-4F74-4347-B204-899F0504E713", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*", "matchCriteriaId": "C244EA13-D45C-4968-A330-3AD80F588537", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00CABDD-B213-4DAA-9FC4-D907AC465134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D1F1675-60C1-4150-8306-1592F88D3DAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request."}, {"lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en WRC-F1167ACF todas las versiones y WRC-1750GHBK todas las versiones permite a un atacante que pueda acceder al producto ejecutar un comando arbitrario del sistema operativo enviando una solicitud especialmente dise\u00f1ada.\n"}], "id": "CVE-2023-39944", "lastModified": "2023-08-23T16:47:51.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-18T10:15:12.403", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU91630351/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20230810-01/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}