All the vulnerabilites related to elecom - lan-wh450n\/gp_firmware
Vulnerability from fkie_nvd
Published
2023-08-18 10:15
Modified
2024-11-21 08:09
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
References
vultures@jpcert.or.jphttps://jvn.jp/en/vu/JVNVU91630351/Third Party Advisory
vultures@jpcert.or.jphttps://www.elecom.co.jp/news/security/20230810-01/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/vu/JVNVU91630351/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.elecom.co.jp/news/security/20230810-01/Vendor Advisory
Impacted products
Vendor Product Version
elecom lan-wh300andgpe_firmware *
elecom lan-wh300andgpe -
elecom lan-wh300n\/dgp_firmware *
elecom lan-wh300n\/dgp -
elecom lan-wh300an\/dgp_firmware *
elecom lan-wh300an\/dgp -
elecom lan-wh450n\/gp_firmware *
elecom lan-wh450n\/gp -
elecom lan-w300n\/p_firmware *
elecom lan-w300n\/p -
elecom lan-wh300n\/dr_firmware *
elecom lan-wh300n\/dr -
elecom lan-w300n\/dr_firmware *
elecom lan-w300n\/dr -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80C5EED-C11F-406F-A12D-93394399DABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-wh300andgpe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98BCD9E6-DF0B-4461-9B01-E34FB0E62C90",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B86CEF6B-25E8-4607-B628-D1489636155B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-wh300n\\/dgp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27DECBE-877C-4888-A4B0-C0A65A590640",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E495CC1C-9322-4B9A-93D4-50FA8FE409EB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-wh300an\\/dgp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEFA728A-9DAB-45A5-9289-58F8E6F98EE9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF7989C-3F41-4601-A09B-FAF622022C2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-wh450n\\/gp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D09E3E3-0A1B-430F-AB4B-3E352510C3AC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B719FD0E-EB75-4B62-BADF-3C9823B69210",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-w300n\\/p:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD881BC-A228-4402-8A09-5E862B448A62",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB9404A-109C-42A4-8EF7-6750F9A3CA78",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-wh300n\\/dr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6033A1F2-32BF-4F29-B4BB-111B871D6391",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3269F8A1-68A5-420B-8EEE-00895FB2D854",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:elecom:lan-w300n\\/dr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FF0FFE9-F32F-46AC-8154-04F97680F786",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de funcionalidad oculta en los routers LAN inal\u00e1mbricos de LOGITEC permite a un atacante no autenticado iniciar sesi\u00f3n en la consola de gesti\u00f3n determinada del producto y ejecutar comandos arbitrarios del sistema operativo. Los productos y versiones afectados son los siguientes LAN-W300N/DR todas las versiones, LAN-WH300N/DR todas las versiones, LAN-W300N/P todas las versiones, LAN-WH450N/GP todas las versiones, LAN-WH300AN/DGP todas las versiones, LAN-WH300N/DGP todas las versiones y LAN-WH300ANDGPE todas las versiones.\n"
    }
  ],
  "id": "CVE-2023-35991",
  "lastModified": "2024-11-21T08:09:07.520",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-08-18T10:15:10.267",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU91630351/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elecom.co.jp/news/security/20230810-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/vu/JVNVU91630351/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.elecom.co.jp/news/security/20230810-01/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2023-35991
Vulnerability from cvelistv5
Published
2023-08-18 09:37
Modified
2024-10-21 20:26
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
References
https://www.elecom.co.jp/news/security/20230810-01/
https://jvn.jp/en/vu/JVNVU91630351/
Impacted products
Vendor Product Version
LOGITEC CORPORATION LAN-WH300N/DR Version: all versions
LOGITEC CORPORATION LAN-W300N/P Version: all versions
LOGITEC CORPORATION LAN-WH450N/GP Version: all versions
LOGITEC CORPORATION LAN-WH300AN/DGP Version: all versions
LOGITEC CORPORATION LAN-WH300N/DGP Version: all versions
LOGITEC CORPORATION LAN-WH300ANDGPE Version: all versions
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:37:40.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-wh450n\\/gp_firmware",
            "vendor": "elecom",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-35991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T20:16:01.788562Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T20:26:02.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-W300N/DR",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300N/DR",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-W300N/P",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH450N/GP",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300AN/DGP",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300N/DGP",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        },
        {
          "product": "LAN-WH300ANDGPE",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:37:37.744Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-35991",
    "datePublished": "2023-08-18T09:37:37.744Z",
    "dateReserved": "2023-08-09T11:54:58.462Z",
    "dateUpdated": "2024-10-21T20:26:02.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}