Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
41 vulnerabilities by elecom
VAR-202112-0023
Vulnerability from variot - Updated: 2024-04-19 22:39Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom.
Elecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-2533gs2-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-2533gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2sp",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gs2-w",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gsta",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2-g",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1900gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "edwrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1750gs",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1750gsv",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.11"
},
{
"model": "wrc-1167gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2a",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2h",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gs2-b",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.52"
},
{
"model": "lan routers \u003c=wrc-2533gs2-w",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.52"
},
{
"model": "lan routers \u003c=wrc-1750gs",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-1750gsv",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v2.11"
},
{
"model": "lan routers \u003c=wrc-1900gst",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gst",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gsta",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gst2sp",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gst2-g",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=edwrc-2533gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.52",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.52",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"cve": "CVE-2021-20861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-95485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-95485",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2334",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nElecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20861"
},
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20861",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CS-HELP",
"id": "SB2021113005",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2021-95485",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"id": "VAR-202112-0023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
]
},
"last_update_date": "2024-04-19T22:39:53.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303631"
},
{
"title": "elecom lan Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172659"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113005"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"date": "2021-12-01T03:15:07.130000",
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers access control error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
}
],
"trust": 0.6
}
}
VAR-202112-0166
Vulnerability from variot - Updated: 2024-04-19 22:39ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. Elecom lan routers is a router of Japan Elecom.
There is an operating system command injection vulnerability in elecom lan routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-733gwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "wrh-733gbk",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gbk",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gwh",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"cve": "CVE-2021-20854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-95483",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20854",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95483",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2346",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
},
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. Elecom lan routers is a router of Japan Elecom. \n\r\n\r\nThere is an operating system command injection vulnerability in elecom lan routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20854"
},
{
"db": "CNVD",
"id": "CNVD-2021-95483"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20854",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2021-95483",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2346",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
},
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"id": "VAR-202112-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
}
]
},
"last_update_date": "2024-04-19T22:39:53.036000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers operating system command injection vulnerability (CNVD-2021-95483)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303641"
},
{
"title": "elecom lan Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172269"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20854"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
},
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
},
{
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2346"
},
{
"date": "2021-12-01T03:15:06.807000",
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95483"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2346"
},
{
"date": "2021-12-02T19:45:22.837000",
"db": "NVD",
"id": "CVE-2021-20854"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers operating system command injection vulnerability (CNVD-2021-95483)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95483"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2346"
}
],
"trust": 0.6
}
}
VAR-202112-0026
Vulnerability from variot - Updated: 2024-04-19 22:39Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0026",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-733gwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "wrh-733gbk",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gbk",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gwh",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"cve": "CVE-2021-20855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-95487",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20855",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95487",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2345",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
},
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20855"
},
{
"db": "CNVD",
"id": "CNVD-2021-95487"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20855",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CS-HELP",
"id": "SB2021113002",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2021-95487",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2345",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
},
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"id": "VAR-202112-0026",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
}
]
},
"last_update_date": "2024-04-19T22:39:52.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303621"
},
{
"title": "elecom lan Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172525"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20855"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
},
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
},
{
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2345"
},
{
"date": "2021-12-01T03:15:06.850000",
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95487"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2345"
},
{
"date": "2021-12-02T16:58:59.157000",
"db": "NVD",
"id": "CVE-2021-20855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95487"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2345"
}
],
"trust": 0.6
}
}
VAR-202112-0025
Vulnerability from variot - Updated: 2024-04-19 22:39Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0025",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-733gwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "wrh-733gbk",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gbk",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gwh",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"cve": "CVE-2021-20856",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-95482",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20856",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95482",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2344",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
},
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20856"
},
{
"db": "CNVD",
"id": "CNVD-2021-95482"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20856",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2021-95482",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2344",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
},
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"id": "VAR-202112-0025",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
}
]
},
"last_update_date": "2024-04-19T22:39:52.974000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers cross-site scripting vulnerability (CNVD-2021-95482)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303646"
},
{
"title": "elecom lan Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172524"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20856"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
},
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
},
{
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2344"
},
{
"date": "2021-12-01T03:15:06.897000",
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95482"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2344"
},
{
"date": "2021-12-02T16:28:41.313000",
"db": "NVD",
"id": "CVE-2021-20856"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers cross-site scripting vulnerability (CNVD-2021-95482)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95482"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2344"
}
],
"trust": 0.6
}
}
VAR-202112-0024
Vulnerability from variot - Updated: 2024-04-19 22:39Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-2533ghbk-i",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.20"
},
{
"model": "lan routers \u003c=wrc-2533ghbk-i",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533ghbk-i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533ghbk-i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"cve": "CVE-2021-20857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-95481",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20857",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95481",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2342",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
},
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20857"
},
{
"db": "CNVD",
"id": "CNVD-2021-95481"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20857",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2021-95481",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2342",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
},
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"id": "VAR-202112-0024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
}
]
},
"last_update_date": "2024-04-19T22:39:52.948000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers cross-site scripting vulnerability (CNVD-2021-95481)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303651"
},
{
"title": "elecom lan Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172265"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113003"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
},
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
},
{
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2342"
},
{
"date": "2021-12-01T03:15:06.940000",
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95481"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2342"
},
{
"date": "2021-12-02T16:29:45.350000",
"db": "NVD",
"id": "CVE-2021-20857"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers cross-site scripting vulnerability (CNVD-2021-95481)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95481"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2342"
}
],
"trust": 0.6
}
}
VAR-202112-0004
Vulnerability from variot - Updated: 2024-04-19 22:39Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. elecom lan routers is a router of Japan Elecom.
Elecom lan routers has a cross-site request forgery vulnerability, which can be exploited by attackers to hijack administrator authentication through a specially crafted page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-2533gs2-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-2533gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2sp",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gs2-w",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gsta",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2-g",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1900gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "edwrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1750gs",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1750gsv",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.11"
},
{
"model": "wrc-1167gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2a",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2h",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gs2-b",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.52"
},
{
"model": "lan routers \u003c=wrc-2533gs2-w",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.52"
},
{
"model": "lan routers \u003c=wrc-1750gs",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-1750gsv",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v2.11"
},
{
"model": "lan routers \u003c=wrc-1900gst",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gst",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gsta",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gst2sp",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gst2-g",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=edwrc-2533gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.52",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.52",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"cve": "CVE-2021-20860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-95486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20860",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-95486",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2337",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
},
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nElecom lan routers has a cross-site request forgery vulnerability, which can be exploited by attackers to hijack administrator authentication through a specially crafted page",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20860"
},
{
"db": "CNVD",
"id": "CNVD-2021-95486"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20860",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CS-HELP",
"id": "SB2021113005",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2021-95486",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2337",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
},
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"id": "VAR-202112-0004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
}
]
},
"last_update_date": "2024-04-19T22:39:52.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303626"
},
{
"title": "elecom lan Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172660"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113005"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20860"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
},
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
},
{
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2337"
},
{
"date": "2021-12-01T03:15:07.080000",
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95486"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2337"
},
{
"date": "2021-12-02T14:01:11.917000",
"db": "NVD",
"id": "CVE-2021-20860"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95486"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2337"
}
],
"trust": 0.6
}
}
VAR-202112-0008
Vulnerability from variot - Updated: 2024-04-19 22:39Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-2533ghbk-i",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.20"
},
{
"model": "lan routers \u003c=wrc-2533ghbk-i",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533ghbk-i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533ghbk-i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"cve": "CVE-2021-20858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2021-95484",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20858",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95484",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2340",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
},
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20858"
},
{
"db": "CNVD",
"id": "CNVD-2021-95484"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20858",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2021-95484",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113003",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2340",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
},
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"id": "VAR-202112-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
}
]
},
"last_update_date": "2024-04-19T22:39:52.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers cross-site scripting vulnerability (CNVD-2021-95484)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303636"
},
{
"title": "elecom lan Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172521"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113003"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20858"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
},
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
},
{
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2340"
},
{
"date": "2021-12-01T03:15:06.983000",
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95484"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2340"
},
{
"date": "2021-12-01T08:05:59.137000",
"db": "NVD",
"id": "CVE-2021-20858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers cross-site scripting vulnerability (CNVD-2021-95484)",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95484"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2340"
}
],
"trust": 0.6
}
}
VAR-201505-0274
Vulnerability from variot - Updated: 2024-04-18 13:16The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a set of SDK development kit developed by Realtek
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0274",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dir-619l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.13"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.03"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.04"
},
{
"model": "dir-600l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.00"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.05"
},
{
"model": "dir-605l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.00"
},
{
"model": "dir-605l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dir-600l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.15"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02"
},
{
"model": "sdk",
"scope": "eq",
"trust": 1.0,
"vendor": "realtek",
"version": null
},
{
"model": "dir-905l",
"scope": "lte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.02"
},
{
"model": "dir-619l",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "2.00"
},
{
"model": "dir-809",
"scope": "gte",
"trust": 1.0,
"vendor": "dlink",
"version": "1.00"
},
{
"model": "wsr-300hp",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 2.30"
},
{
"model": "ld-ps/u1",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20643)"
},
{
"model": "ncc-ewf100rmwh2",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20650)"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20644)"
},
{
"model": "wrc-300febk",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20645, cve-2021-20646)"
},
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
},
{
"model": "wrc-f300nf",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.15 )"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "b1 ( firmware 2.056b06 )"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.15"
},
{
"model": "dir-600l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.056b06"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.14b06 )"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "bx ( firmware 2.07b02 )"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "c1 ( firmware 3.03b07 )"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14b06"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.07b02"
},
{
"model": "dir-605l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "3.03b07"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.15 )"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "b1 ( firmware 2.07b02 )"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.15"
},
{
"model": "dir-619l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "2.07b02"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.04b02 )"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a2 ( firmware 1.04b02 )"
},
{
"model": "dir-809",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.04b02"
},
{
"model": "dir-900l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "a1 ( firmware 1.14b02 )"
},
{
"model": "dir-900l",
"scope": "lte",
"trust": 0.8,
"vendor": "d link",
"version": "1.14b02"
},
{
"model": "sdk",
"scope": null,
"trust": 0.8,
"vendor": "realtek semiconductor corp",
"version": null
},
{
"model": "rtl81xx sdk",
"scope": null,
"trust": 0.7,
"vendor": "realtek",
"version": null
},
{
"model": "dir-600l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.15"
},
{
"model": "dir-600l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.05"
},
{
"model": "dir-905l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.02"
},
{
"model": "dir-605l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.13"
},
{
"model": "dir-605l",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.04"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"versionStartIncluding": "1.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.04",
"versionStartIncluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.15",
"versionStartIncluding": "1.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.05",
"versionStartIncluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.15",
"versionStartIncluding": "1.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.03",
"versionStartIncluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ricky \"HeadlessZeke\" Lawshae",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
],
"trust": 1.6
},
"cve": "CVE-2014-8361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-8361",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000194",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-76306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000194",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 4.8,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2014-8361",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000194",
"trust": 0.8,
"value": "High"
},
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-8361",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-581",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-76306",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-8361",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a set of SDK development kit developed by Realtek",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
}
],
"trust": 4.14
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-76306",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37169",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8361",
"trust": 5.2
},
{
"db": "ZDI",
"id": "ZDI-15-155",
"trust": 3.6
},
{
"db": "JVN",
"id": "JVN47580234",
"trust": 2.6
},
{
"db": "BID",
"id": "74330",
"trust": 2.1
},
{
"db": "DLINK",
"id": "SAP10055",
"trust": 2.1
},
{
"db": "JVN",
"id": "JVN67456944",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "37169",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "132090",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVN74871939",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2435",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581",
"trust": 0.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000028",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-97587",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76306",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-8361",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"id": "VAR-201505-0274",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76306"
}
],
"trust": 0.759098647142857
},
"last_update_date": "2024-04-18T13:16:59.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20170804_2.html"
},
{
"title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"title": "RTL81xx",
"trust": 0.8,
"url": "http://www.realtek.com/search/default.aspx?keyword=rtl81"
},
{
"title": "SAP10055",
"trust": 0.8,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
},
{
"title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.Vendor Contact Timeline:08/13/2014 - ZDI wrote to vendor requesting contact and PGP09/04/2014 - ZDI wrote to vendor requesting contact and PGP09/29/2014 - ZDI wrote to vendor requesting contact and PGP10/22/2014 - ZDI wrote to vendor requesting contact and PGP, indicated \"final\" email attempt and informed of intent to 0-day04/24/2015 - Public release of advisory-- Mitigation:Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.",
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
},
{
"title": "Realtek SDK miniigd SOAP Fixes for service remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96763"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/xuguowong/mirai-mal "
},
{
"title": "api.greynoise.io",
"trust": 0.1,
"url": "https://github.com/greynoise-intelligence/api.greynoise.io "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/valve-source-engine-fortnite-servers-crippled-by-gafgyt-variant/149719/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/new-mirai-samples-grow-the-number-of-processors-targets/143566/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/huawei-router-default-credential/140234/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/"
},
{
"title": "Securelist",
"trust": 0.1,
"url": "https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h2-2017/85053/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/satori-author-linked-to-new-mirai-variant-masuta/129640/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/satori-botnet-is-now-attacking-ethereum-mining-rigs/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/"
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/amateur-hacker-behind-satori-botnet/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/unpatched-router-vulnerability-could-lead-to-code-execution/112524/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-94",
"trust": 0.8
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-155/"
},
{
"trust": 2.4,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
},
{
"trust": 2.1,
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/37169/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/74330"
},
{
"trust": 1.8,
"url": "http://jvn.jp/en/jp/jvn47580234/index.html"
},
{
"trust": 1.8,
"url": "http://jvn.jp/en/jp/jvn67456944/index.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/132090/realtek-sdk-miniigd-upnp-soap-command-execution.html"
},
{
"trust": 1.1,
"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
},
{
"trust": 1.1,
"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn74871939/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn47580234/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8361"
},
{
"trust": 0.7,
"url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000028.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
},
{
"trust": 0.3,
"url": "http://www.realtek.com.tw/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"db": "VULHUB",
"id": "VHN-76306"
},
{
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"db": "BID",
"id": "74330"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"date": "2015-05-01T00:00:00",
"db": "VULHUB",
"id": "VHN-76306"
},
{
"date": "2015-05-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"date": "2015-04-24T00:00:00",
"db": "BID",
"id": "74330"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2015-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"date": "2015-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"date": "2015-05-01T15:59:01.287000",
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-24T00:00:00",
"db": "ZDI",
"id": "ZDI-15-155"
},
{
"date": "2019-08-14T00:00:00",
"db": "VULHUB",
"id": "VHN-76306"
},
{
"date": "2023-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8361"
},
{
"date": "2015-05-07T18:22:00",
"db": "BID",
"id": "74330"
},
{
"date": "2017-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000194"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2015-05-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-008039"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-581"
},
{
"date": "2023-09-05T22:15:07.477000",
"db": "NVD",
"id": "CVE-2014-8361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WSR-300HP vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-581"
}
],
"trust": 0.6
}
}
VAR-202112-0167
Vulnerability from variot - Updated: 2024-04-18 13:10ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. elecom lan routers is a router of Japan Elecom.
There is an operating system command injection vulnerability in elecom lan routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-733gwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "wrh-733gbk",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gbk",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gwh",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"cve": "CVE-2021-20853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-95488",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20853",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95488",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2347",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
},
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nThere is an operating system command injection vulnerability in elecom lan routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20853"
},
{
"db": "CNVD",
"id": "CNVD-2021-95488"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20853",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000108",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2021-95488",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2347",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
},
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"id": "VAR-202112-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
}
]
},
"last_update_date": "2024-04-18T13:10:59.853000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers operating system command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303616"
},
{
"title": "elecom lan Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172270"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000108.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20853"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
},
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
},
{
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2347"
},
{
"date": "2021-12-01T03:15:06.757000",
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95488"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2347"
},
{
"date": "2021-12-02T19:45:37.587000",
"db": "NVD",
"id": "CVE-2021-20853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers operating system command injection vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95488"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2347"
}
],
"trust": 0.6
}
}
VAR-202112-0168
Vulnerability from variot - Updated: 2024-04-18 13:10Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. elecom lan routers is a router of Japan Elecom
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-733gwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "wrh-733gbk",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gbk",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
},
{
"model": "lan routers \u003c=wrh-733gwh",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.02.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.9",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"cve": "CVE-2021-20852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-95489",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20852",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-95489",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2348",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
},
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. elecom lan routers is a router of Japan Elecom",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20852"
},
{
"db": "CNVD",
"id": "CNVD-2021-95489"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20852",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000108",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2021-95489",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021113002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2348",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
},
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"id": "VAR-202112-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
}
]
},
"last_update_date": "2024-04-18T13:10:59.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/303611"
},
{
"title": "elecom lan Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172271"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000108.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20852"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
},
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
},
{
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2348"
},
{
"date": "2021-12-01T03:15:06.713000",
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95489"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2348"
},
{
"date": "2021-12-02T19:45:57.987000",
"db": "NVD",
"id": "CVE-2021-20852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers buffer overflow vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95489"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2348"
}
],
"trust": 0.6
}
}
VAR-202307-0620
Vulnerability from variot - Updated: 2024-03-29 22:36Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0620",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-300wh-h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.12"
},
{
"model": "wtc-300hwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.09"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"cve": "CVE-2023-37560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37560",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-953",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37560"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37560",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37560",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"id": "VAR-202307-0620",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM WRH Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246958"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37560/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"date": "2023-07-13T02:15:09.417000",
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"date": "2023-07-20T19:28:00.590000",
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
}
],
"trust": 0.6
}
}
VAR-202307-0615
Vulnerability from variot - Updated: 2024-03-29 22:36ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0615",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-1167gebk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1167febk-a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.18"
},
{
"model": "wrc-1167febk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.04"
},
{
"model": "wrc-1167ghbk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1167ghbk3-a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.24"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"cve": "CVE-2023-37563",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37563",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37563"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37563"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37563",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-950",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37563",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37563"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-950"
},
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"id": "VAR-202307-0615",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM WRC-1167FEBK-A Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246118"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-950"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 1.0,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37563/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37563"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-950"
},
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37563"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-950"
},
{
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37563"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-950"
},
{
"date": "2023-07-13T03:15:09.927000",
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37563"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-950"
},
{
"date": "2023-08-18T10:15:10.483000",
"db": "NVD",
"id": "CVE-2023-37563"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-950"
}
],
"trust": 0.6
}
}
VAR-202307-0617
Vulnerability from variot - Updated: 2024-03-29 22:36Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0617",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-1167gebk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1167febk-a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.18"
},
{
"model": "wrc-1167febk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.04"
},
{
"model": "wrc-1167ghbk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1167ghbk3-a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.24"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"cve": "CVE-2023-37565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37565",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37565"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37565"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37565",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-947",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37565",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37565"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-947"
},
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"id": "VAR-202307-0617",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.287000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM wireless LAN routers Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246116"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-947"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37565/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37565"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-947"
},
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37565"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-947"
},
{
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37565"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-947"
},
{
"date": "2023-07-13T04:15:10.303000",
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37565"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-947"
},
{
"date": "2023-07-25T14:50:48.460000",
"db": "NVD",
"id": "CVE-2023-37565"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-947"
}
],
"trust": 0.6
}
}
VAR-202307-0616
Vulnerability from variot - Updated: 2024-03-29 22:36Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0616",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-300wh-h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.12"
},
{
"model": "wtc-c1167gc-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.17"
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.17"
},
{
"model": "wtc-300hwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.09"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"cve": "CVE-2023-37561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37561",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37561"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37561"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37561",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-957",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37561",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37561"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-957"
},
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"id": "VAR-202307-0616",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.264000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM wireless LAN routers Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246121"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-957"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37561/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37561"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-957"
},
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37561"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-957"
},
{
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37561"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-957"
},
{
"date": "2023-07-13T02:15:09.467000",
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37561"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-957"
},
{
"date": "2023-07-25T14:11:24.400000",
"db": "NVD",
"id": "CVE-2023-37561"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-957"
}
],
"trust": 0.6
}
}
VAR-202307-0619
Vulnerability from variot - Updated: 2024-03-29 22:36Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0619",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wtc-c1167gc-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.17"
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.17"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"cve": "CVE-2023-37562",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37562",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37562"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37562"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37562",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-951",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37562",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37562"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-951"
},
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"id": "VAR-202307-0619",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM WTC-C1167GC-B Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246119"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-951"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37562/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37562"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-951"
},
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37562"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-951"
},
{
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37562"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-951"
},
{
"date": "2023-07-13T03:15:09.880000",
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37562"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-951"
},
{
"date": "2023-07-25T14:03:42.807000",
"db": "NVD",
"id": "CVE-2023-37562"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-951"
}
],
"trust": 0.6
}
}
VAR-202307-0618
Vulnerability from variot - Updated: 2024-03-29 22:36OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0618",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-1167gebk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1167febk-a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.18"
},
{
"model": "wrc-1167febk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.04"
},
{
"model": "wrc-1167ghbk-s",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1167ghbk3-a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.24"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"cve": "CVE-2023-37564",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.7,
"confidentialityImpact": "Complete",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37564",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2023-000071",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37564"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37564"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37564",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-949",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37564",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37564"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-949"
},
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"id": "VAR-202307-0618",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.217000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM WRC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246117"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-949"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37564/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37564"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-949"
},
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37564"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-949"
},
{
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37564"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-949"
},
{
"date": "2023-07-13T04:15:10.213000",
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37564"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-949"
},
{
"date": "2023-07-25T14:49:22.723000",
"db": "NVD",
"id": "CVE-2023-37564"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-949"
}
],
"trust": 0.6
}
}
VAR-202308-2597
Vulnerability from variot - Updated: 2024-02-29 22:50OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wab-s300",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wab-s600-ps",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wab-s600-ps_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wab-s600-ps:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wab-s300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wab-s300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"cve": "CVE-2023-40072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-40072",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-40072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-40072"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-40072",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-40072",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-40072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"id": "VAR-202308-2597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-02-29T22:50:12.395000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 1.0,
"url": "https://www.elecom.co.jp/news/security/20231114-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-40072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-40072"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-40072"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:12.847000",
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-40072"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2024-02-28T23:15:08.150000",
"db": "NVD",
"id": "CVE-2023-40072"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2592
Vulnerability from variot - Updated: 2024-01-24 22:29Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2592",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-x1800gs-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.13"
},
{
"model": "wrc-x1800gsh-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.13"
},
{
"model": "wrc-x1800gsa-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.13"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-x1800gs-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-x1800gsa-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-x1800gsh-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"cve": "CVE-2023-39454",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-39454",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39454"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-39454"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-39454",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-39454",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39454"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"id": "VAR-202308-2592",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.990000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39454"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-39454"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39454"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:12.280000",
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39454"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-23T16:48:10.200000",
"db": "NVD",
"id": "CVE-2023-39454"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2598
Vulnerability from variot - Updated: 2024-01-24 22:29Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2598",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lan-w300n\\/rs",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n\\/pr5",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/pr5_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/pr5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"cve": "CVE-2023-32626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-32626",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-32626"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-32626"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-32626",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-32626",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-32626"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"id": "VAR-202308-2598",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.970000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-32626"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-32626"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-32626"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:09.617000",
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-32626"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-23T16:49:06.603000",
"db": "NVD",
"id": "CVE-2023-32626"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2596
Vulnerability from variot - Updated: 2024-01-24 22:29Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lan-wh300n\\/re",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/re_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/re:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"cve": "CVE-2023-38576",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-38576",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38576"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-38576"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-38576",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-38576",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-38576"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"id": "VAR-202308-2596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.949000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-38576"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-38576"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-38576"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:11.427000",
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-38576"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-24T18:26:00.547000",
"db": "NVD",
"id": "CVE-2023-38576"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2599
Vulnerability from variot - Updated: 2024-01-24 22:29Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2599",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-f1167acf2",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1900ghbk-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1467ghbk-s",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1900ghbk-s",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-600ghbk-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-733febk2-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"cve": "CVE-2023-39445",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-39445",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39445"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-39445"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-39445",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-39445",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39445"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"id": "VAR-202308-2599",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.931000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39445"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-39445"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39445"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:12.037000",
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39445"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-24T18:30:33",
"db": "NVD",
"id": "CVE-2023-39445"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2595
Vulnerability from variot - Updated: 2024-01-24 22:29OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2595",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-f1167acf2",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1900ghbk-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1467ghbk-s",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1900ghbk-s",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-600ghbk-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-733febk2-a",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"cve": "CVE-2023-39455",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-39455",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39455"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-39455"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-39455",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-39455",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39455"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"id": "VAR-202308-2595",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39455"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-39455"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39455"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:12.337000",
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39455"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-23T16:48:02.820000",
"db": "NVD",
"id": "CVE-2023-39455"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2593
Vulnerability from variot - Updated: 2024-01-24 22:29OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2593",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-1750ghbk-e",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1167ghbk2",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1750ghbk2-i",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-1750ghbk",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-f1167acf",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk2-i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk2-i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk-e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk-e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"cve": "CVE-2023-40069",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-40069",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-40069"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-40069"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-40069",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-40069",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-40069"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"id": "VAR-202308-2593",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.888000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-40069"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-40069"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-40069"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:12.653000",
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-40069"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-23T16:46:05.750000",
"db": "NVD",
"id": "CVE-2023-40069"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2594
Vulnerability from variot - Updated: 2024-01-24 22:29OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2594",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-1750ghbk",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "wrc-f1167acf",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"cve": "CVE-2023-39944",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-39944",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-39944"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-39944"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-39944",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-39944",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39944"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"id": "VAR-202308-2594",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-39944"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-39944"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39944"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:12.403000",
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-39944"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-23T16:47:51.790000",
"db": "NVD",
"id": "CVE-2023-39944"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2600
Vulnerability from variot - Updated: 2024-01-24 22:29Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2600",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lan-w300n\\/dr",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-wh300an\\/dgp",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n\\/p",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-wh300andgpe",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-wh300n\\/dgp",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-wh300n\\/dr",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-wh450n\\/gp",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300andgpe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/dgp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300an\\/dgp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-wh450n\\/gp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/dr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/dr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"cve": "CVE-2023-35991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-35991",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-35991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-35991"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-35991",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-35991",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-35991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"id": "VAR-202308-2600",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.848000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-35991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-35991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-35991"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:10.267000",
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-35991"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-29T18:58:15.803000",
"db": "NVD",
"id": "CVE-2023-35991"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202308-2591
Vulnerability from variot - Updated: 2024-01-24 22:29LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202308-2591",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lan-w451ngr",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": "*"
},
{
"model": "lan-w300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/rs",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/re",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsa-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s600-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gsh-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s300",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk2-i",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/p",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w300n/pr5",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300an/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-m1775-ps",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wab-s1167",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750ghbk",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh450n/gp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": "all s (cve-2023-35991)"
},
{
"model": "wab-s1775",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-x1800gs-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300n/dgp",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-wh300andgpe",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "lan-w451ngr",
"scope": null,
"trust": 0.8,
"vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:lan-w451ngr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:lan-w451ngr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"cve": "CVE-2023-38132",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-002797",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-38132",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-002797",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-38132"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "VULMON",
"id": "CVE-2023-38132"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU91630351",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2023-38132",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2023-38132",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-38132"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"id": "VAR-202308-2591",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-01-24T22:29:00.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [ others ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ others ]",
"trust": 0.8
},
{
"problemtype": "OS Command injection (CWE-78) [ others ]",
"trust": 0.8
},
{
"problemtype": " Unpublished features (CWE-912) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://jvn.jp/en/vu/jvnvu91630351/"
},
{
"trust": 1.1,
"url": "https://www.elecom.co.jp/news/security/20230810-01/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91630351/index.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-38132"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-38132"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-38132"
},
{
"date": "2023-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-18T10:15:11.370000",
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2023-38132"
},
{
"date": "2024-01-24T04:50:00",
"db": "JVNDB",
"id": "JVNDB-2023-002797"
},
{
"date": "2023-08-24T18:19:28.707000",
"db": "NVD",
"id": "CVE-2023-38132"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002797"
}
],
"trust": 0.8
}
}
VAR-202112-0021
Vulnerability from variot - Updated: 2023-12-18 12:49OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. The following vulnerabilities exist in multiple router products provided by ELECOM Corporation. It was * CSRF Insufficient access restrictions for countermeasure tokens (CWE-284) - CVE-2021-20862 ‥ * OS Command injection (CWE-78) ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-20864 This vulnerability information is from Zero Zero One Co., Ltd. Mr. Katsuhiko Sato (gooh_kun), Hayakawa Soraya Mr Report directly to the product developer, and after coordinating with the product developer, for the purpose of disseminating it to the product user JVN It was announced in.The expected impact depends on each vulnerability, but it may be affected as follows. * Used in the product by a third party on an adjacent network CSRF There is a possibility that the token will be obtained illegally and the settings will be changed. - CVE-2021-20862 ‥ * By a third party who has access to the management screen of the product root Arbitrary with authority OS The command may be executed - CVE-2021-20863 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS The command may be executed - CVE-2021-20864. Elecom Edwrc is a series of routers from Japan's Elecom company.
Elecom Edwrc has an operating system command injection vulnerability. The vulnerability originates from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data of the ELECOM router. Attackers can use this vulnerability to execute illegal commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0021",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-2533gs2-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-2533gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2sp",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gs2-w",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gsta",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2-g",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1900gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "edwrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1750gs",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1750gsv",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.11"
},
{
"model": "wrc-1167gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gst2-g",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gst2h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gst2a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-2533gs2-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-2533gst2sp",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750gs",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "edwrc-2533gst2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900gst",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-2533gst",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gs2-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gst2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gs2h-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-2533gs2-w",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-2533gsta",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1750gsv",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-2533gst2",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "edwrc",
"scope": null,
"trust": 0.6,
"vendor": "elecom",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "NVD",
"id": "CVE-2021-20863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.52",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.52",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.25",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20863"
}
]
},
"cve": "CVE-2021-20863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-102397",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-004912",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-20863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2021-004912",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-102397",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-008",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. The following vulnerabilities exist in multiple router products provided by ELECOM Corporation. It was * CSRF Insufficient access restrictions for countermeasure tokens (CWE-284) - CVE-2021-20862 \u2025 * OS Command injection (CWE-78) \u2025 * telnet Inadequate access control to services (CWE-284) - CVE-2021-20864 This vulnerability information is from Zero Zero One Co., Ltd. Mr. Katsuhiko Sato (gooh_kun), Hayakawa Soraya Mr Report directly to the product developer, and after coordinating with the product developer, for the purpose of disseminating it to the product user JVN It was announced in.The expected impact depends on each vulnerability, but it may be affected as follows. * Used in the product by a third party on an adjacent network CSRF There is a possibility that the token will be obtained illegally and the settings will be changed. - CVE-2021-20862 \u2025 * By a third party who has access to the management screen of the product root Arbitrary with authority OS The command may be executed - CVE-2021-20863 \u2025 * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS The command may be executed - CVE-2021-20864. Elecom Edwrc is a series of routers from Japan\u0027s Elecom company. \n\r\n\r\nElecom Edwrc has an operating system command injection vulnerability. The vulnerability originates from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data of the ELECOM router. Attackers can use this vulnerability to execute illegal commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "CNVD",
"id": "CNVD-2021-102397"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20863",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU94527926",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2021-102397",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-008",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"id": "VAR-202112-0021",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
}
]
},
"last_update_date": "2023-12-18T12:49:00.753000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless \u00a0LAN\u00a0 Request for firmware update to improve router security",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"title": "Patch for Elecom Edwrc operating system command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/310391"
},
{
"title": "Elecom Edwrc Repair measures for operating system command injection vulnerability in operating system",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172671"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [ Other ]",
"trust": 0.8
},
{
"problemtype": " Inappropriate access control (CWE-284) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "NVD",
"id": "CVE-2021-20863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu94527926/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20863"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu94527926/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-004912.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"date": "2021-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"date": "2021-12-01T03:15:07.223000",
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"date": "2021-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-102397"
},
{
"date": "2022-03-30T06:03:00",
"db": "JVNDB",
"id": "JVNDB-2021-004912"
},
{
"date": "2021-12-02T16:35:06.923000",
"db": "NVD",
"id": "CVE-2021-20863"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in ELECOM router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004912"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-008"
}
],
"trust": 0.6
}
}
VAR-202102-0491
Vulnerability from variot - Updated: 2023-12-18 12:16Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM NCC-EWF100RMWH2 is a wireless access device. Attackers can construct malicious URIs to induce requests and use this vulnerability to perform malicious operations in the context of the target user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0491",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ncc-ewf100rmwh2",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": null
},
{
"model": "ld-ps/u1",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20643)"
},
{
"model": "ncc-ewf100rmwh2",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20650)"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20644)"
},
{
"model": "wrc-300febk",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20645, cve-2021-20646)"
},
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
},
{
"model": "wrc-f300nf",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "ncc-ewf100rmwh2",
"scope": null,
"trust": 0.6,
"vendor": "elecom",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20650"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:ncc-ewf100rmwh2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:ncc-ewf100rmwh2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20650"
}
]
},
"cve": "CVE-2021-20650",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-14149",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 4.8,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2021-20650",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-14149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2389",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM NCC-EWF100RMWH2 is a wireless access device. Attackers can construct malicious URIs to induce requests and use this vulnerability to perform malicious operations in the context of the target user",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "CNVD",
"id": "CNVD-2021-14149"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20650",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN47580234",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2021-14149",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2389",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
]
},
"id": "VAR-202102-0491",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
}
],
"trust": 1.299523826
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
}
]
},
"last_update_date": "2023-12-18T12:16:29.655000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"title": "Patch for ELECOM NCC-EWF100RMWH2 cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/250591"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20650"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn47580234/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn47580234/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20650"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2021-02-12T07:15:15.450000",
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2021-02-18T18:37:52.897000",
"db": "NVD",
"id": "CVE-2021-20650"
},
{
"date": "2021-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ELECOM NCC-EWF100RMWH2 cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14149"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2389"
}
],
"trust": 0.6
}
}
VAR-202102-0490
Vulnerability from variot - Updated: 2023-12-18 12:16ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. ELECOM WRC-300FEBK-S is a network camera suitable for home from Elecom of Japan. Attackers can use this vulnerability to change the communication response and execute arbitrary commands on the product
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": null
},
{
"model": "ld-ps/u1",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20643)"
},
{
"model": "ncc-ewf100rmwh2",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20650)"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20644)"
},
{
"model": "wrc-300febk",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20645, cve-2021-20646)"
},
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
},
{
"model": "wrc-f300nf",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-s",
"scope": null,
"trust": 0.6,
"vendor": "elecom",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20649"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-300febk-s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-300febk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20649"
}
]
},
"cve": "CVE-2021-20649",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-14142",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 4.8,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2021-20649",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-14142",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2390",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. ELECOM WRC-300FEBK-S is a network camera suitable for home from Elecom of Japan. Attackers can use this vulnerability to change the communication response and execute arbitrary commands on the product",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "VULMON",
"id": "CVE-2021-20649"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20649",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN47580234",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2021-14142",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2390",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20649",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "VULMON",
"id": "CVE-2021-20649"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
]
},
"id": "VAR-202102-0490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
}
],
"trust": 1.299523826
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
}
]
},
"last_update_date": "2023-12-18T12:16:29.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"title": "Patch for ELECOM WRC-300FEBK-S certificate verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/250616"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20649"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn47580234/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn47580234/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20649"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195680"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "VULMON",
"id": "CVE-2021-20649"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"db": "VULMON",
"id": "CVE-2021-20649"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"date": "2021-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20649"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2021-02-12T07:15:15.387000",
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14142"
},
{
"date": "2021-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20649"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2021-02-15T01:26:09.573000",
"db": "NVD",
"id": "CVE-2021-20649"
},
{
"date": "2021-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple ELECOM products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2390"
}
],
"trust": 0.6
}
}
VAR-202102-0489
Vulnerability from variot - Updated: 2023-12-18 12:16ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM WRC-300FEBK-S is a wireless access device.
ELECOM WRC-300FEBK-S has an arbitrary command execution vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 1.0,
"vendor": "elecom",
"version": null
},
{
"model": "ld-ps/u1",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20643)"
},
{
"model": "ncc-ewf100rmwh2",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20650)"
},
{
"model": "wrc-1467ghbk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20644)"
},
{
"model": "wrc-300febk",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-a",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20645, cve-2021-20646)"
},
{
"model": "wrc-300febk-s",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
},
{
"model": "wrc-f300nf",
"scope": "eq",
"trust": 0.8,
"vendor": "elecom",
"version": "(cve-2014-8361)"
},
{
"model": "wrc-300febk-s",
"scope": null,
"trust": 0.6,
"vendor": "elecom",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20648"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrc-300febk-s_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrc-300febk-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20648"
}
]
},
"cve": "CVE-2021-20648",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2021-14145",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.2,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2021-000008",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 4.8,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2021-20648",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2021-000008",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-14145",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2396",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM WRC-300FEBK-S is a wireless access device. \n\r\n\r\nELECOM WRC-300FEBK-S has an arbitrary command execution vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "VULMON",
"id": "CVE-2021-20648"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20648",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN47580234",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2021-14145",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2396",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-20648",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "VULMON",
"id": "CVE-2021-20648"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
]
},
"id": "VAR-202102-0489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
}
],
"trust": 1.299523826
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
}
]
},
"last_update_date": "2023-12-18T12:16:29.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"title": "Patch for ELECOM WRC-300FEBK-S arbitrary command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/250601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20648"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.elecom.co.jp/news/security/20210126-01/"
},
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn47580234/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn47580234/index.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20648"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195666"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "VULMON",
"id": "CVE-2021-20648"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"db": "VULMON",
"id": "CVE-2021-20648"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"date": "2021-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20648"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2021-02-12T07:15:15.327000",
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"date": "2021-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-14145"
},
{
"date": "2021-02-15T00:00:00",
"db": "VULMON",
"id": "CVE-2021-20648"
},
{
"date": "2021-01-26T03:12:23",
"db": "JVNDB",
"id": "JVNDB-2021-000008"
},
{
"date": "2021-02-15T01:29:13.357000",
"db": "NVD",
"id": "CVE-2021-20648"
},
{
"date": "2021-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple ELECOM products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-000008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2396"
}
],
"trust": 0.6
}
}