Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    41 vulnerabilities by elecom

    VAR-202112-0023

    Vulnerability from variot - Updated: 2024-04-19 22:39

    Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom.

    Elecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0023",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-2533gs2-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.52"
          },
          {
            "model": "wrc-2533gst",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-2533gst2sp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gs2-w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.52"
          },
          {
            "model": "wrc-2533gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1167gst2a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gsta",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-2533gst2-g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1900gst",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "edwrc-2533gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1167gst2h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1750gs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1750gsv",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "2.11"
          },
          {
            "model": "wrc-1167gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "lan routers \u003c=wrc-1167gst2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-1167gst2a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-1167gst2h",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-2533gs2-b",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.52"
          },
          {
            "model": "lan routers \u003c=wrc-2533gs2-w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.52"
          },
          {
            "model": "lan routers \u003c=wrc-1750gs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-1750gsv",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v2.11"
          },
          {
            "model": "lan routers \u003c=wrc-1900gst",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-2533gsta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst2sp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst2-g",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=edwrc-2533gst2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.52",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.52",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "cve": "CVE-2021-20861",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2021-95485",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20861",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95485",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2334",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nElecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20861",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113005",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "id": "VAR-202112-0023",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:53.058000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers access control error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303631"
          },
          {
            "title": "elecom lan Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172659"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.2,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113005"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20861"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          },
          {
            "date": "2021-12-01T03:15:07.130000",
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          },
          {
            "date": "2022-06-28T14:11:45.273000",
            "db": "NVD",
            "id": "CVE-2021-20861"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers access control error vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95485"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2334"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0166

    Vulnerability from variot - Updated: 2024-04-19 22:39

    ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. Elecom lan routers is a router of Japan Elecom.

    There is an operating system command injection vulnerability in elecom lan routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0166",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-733gwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "wrh-733gbk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gbk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gwh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "cve": "CVE-2021-20854",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-95483",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20854",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95483",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2346",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. Elecom lan routers is a router of Japan Elecom. \n\r\n\r\nThere is an operating system command injection vulnerability in elecom lan routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20854",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113002",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "id": "VAR-202112-0166",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:53.036000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers operating system command injection vulnerability (CNVD-2021-95483)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303641"
          },
          {
            "title": "elecom lan Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172269"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20854"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          },
          {
            "date": "2021-12-01T03:15:06.807000",
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          },
          {
            "date": "2021-12-02T19:45:22.837000",
            "db": "NVD",
            "id": "CVE-2021-20854"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers operating system command injection vulnerability (CNVD-2021-95483)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95483"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2346"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0026

    Vulnerability from variot - Updated: 2024-04-19 22:39

    Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0026",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-733gwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "wrh-733gbk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gbk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gwh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "cve": "CVE-2021-20855",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-95487",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20855",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95487",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2345",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20855",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113002",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "id": "VAR-202112-0026",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:52.996000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303621"
          },
          {
            "title": "elecom lan Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172525"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.2,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20855"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          },
          {
            "date": "2021-12-01T03:15:06.850000",
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          },
          {
            "date": "2021-12-02T16:58:59.157000",
            "db": "NVD",
            "id": "CVE-2021-20855"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers cross-site scripting vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95487"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2345"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0025

    Vulnerability from variot - Updated: 2024-04-19 22:39

    Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0025",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-733gwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "wrh-733gbk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gbk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gwh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "cve": "CVE-2021-20856",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-95482",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20856",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95482",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2344",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20856",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113002",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "id": "VAR-202112-0025",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:52.974000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers cross-site scripting vulnerability (CNVD-2021-95482)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303646"
          },
          {
            "title": "elecom lan Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172524"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20856"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          },
          {
            "date": "2021-12-01T03:15:06.897000",
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          },
          {
            "date": "2021-12-02T16:28:41.313000",
            "db": "NVD",
            "id": "CVE-2021-20856"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers cross-site scripting vulnerability (CNVD-2021-95482)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95482"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2344"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0024

    Vulnerability from variot - Updated: 2024-04-19 22:39

    Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0024",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-2533ghbk-i",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.20"
          },
          {
            "model": "lan routers \u003c=wrc-2533ghbk-i",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533ghbk-i_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.20",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533ghbk-i:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "cve": "CVE-2021-20857",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-95481",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20857",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95481",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2342",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Elecom lan routers is a router of Japan Elecom",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20857",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113003",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "id": "VAR-202112-0024",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:52.948000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers cross-site scripting vulnerability (CNVD-2021-95481)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303651"
          },
          {
            "title": "elecom lan Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172265"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113003"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20857"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          },
          {
            "date": "2021-12-01T03:15:06.940000",
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          },
          {
            "date": "2021-12-02T16:29:45.350000",
            "db": "NVD",
            "id": "CVE-2021-20857"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers cross-site scripting vulnerability (CNVD-2021-95481)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95481"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2342"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0004

    Vulnerability from variot - Updated: 2024-04-19 22:39

    Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. elecom lan routers is a router of Japan Elecom.

    Elecom lan routers has a cross-site request forgery vulnerability, which can be exploited by attackers to hijack administrator authentication through a specially crafted page

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0004",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-2533gs2-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.52"
          },
          {
            "model": "wrc-2533gst",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-2533gst2sp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gs2-w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.52"
          },
          {
            "model": "wrc-2533gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1167gst2a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gsta",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-2533gst2-g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1900gst",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "edwrc-2533gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1167gst2h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1750gs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1750gsv",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "2.11"
          },
          {
            "model": "wrc-1167gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "lan routers \u003c=wrc-1167gst2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-1167gst2a",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-1167gst2h",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-2533gs2-b",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.52"
          },
          {
            "model": "lan routers \u003c=wrc-2533gs2-w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.52"
          },
          {
            "model": "lan routers \u003c=wrc-1750gs",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-1750gsv",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v2.11"
          },
          {
            "model": "lan routers \u003c=wrc-1900gst",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-2533gsta",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.03"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst2sp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=wrc-2533gst2-g",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          },
          {
            "model": "lan routers \u003c=edwrc-2533gst2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.25"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.52",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.52",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "cve": "CVE-2021-20860",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-95486",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20860",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95486",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2337",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nElecom lan routers has a cross-site request forgery vulnerability, which can be exploited by attackers to hijack administrator authentication through a specially crafted page",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20860",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113005",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "id": "VAR-202112-0004",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:52.927000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303626"
          },
          {
            "title": "elecom lan Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172660"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.2,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113005"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20860"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          },
          {
            "date": "2021-12-01T03:15:07.080000",
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          },
          {
            "date": "2021-12-02T14:01:11.917000",
            "db": "NVD",
            "id": "CVE-2021-20860"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95486"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2337"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0008

    Vulnerability from variot - Updated: 2024-04-19 22:39

    Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0008",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-2533ghbk-i",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.20"
          },
          {
            "model": "lan routers \u003c=wrc-2533ghbk-i",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.20"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533ghbk-i_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.20",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533ghbk-i:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "cve": "CVE-2021-20858",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2021-95484",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20858",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95484",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2340",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. elecom lan routers is a router of Japan Elecom",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20858",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113003",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "id": "VAR-202112-0008",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          }
        ]
      },
      "last_update_date": "2024-04-19T22:39:52.902000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers cross-site scripting vulnerability (CNVD-2021-95484)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303636"
          },
          {
            "title": "elecom lan Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172521"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113003"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20858"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          },
          {
            "date": "2021-12-01T03:15:06.983000",
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          },
          {
            "date": "2021-12-01T08:05:59.137000",
            "db": "NVD",
            "id": "CVE-2021-20858"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers cross-site scripting vulnerability (CNVD-2021-95484)",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95484"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2340"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201505-0274

    Vulnerability from variot - Updated: 2024-04-18 13:16

    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a set of SDK development kit developed by Realtek

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0274",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-619l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.03"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.04"
          },
          {
            "model": "dir-600l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.00"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.05"
          },
          {
            "model": "dir-605l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.00"
          },
          {
            "model": "dir-605l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dir-600l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02"
          },
          {
            "model": "sdk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "realtek",
            "version": null
          },
          {
            "model": "dir-905l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02"
          },
          {
            "model": "dir-619l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.00"
          },
          {
            "model": "dir-809",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "wsr-300hp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "firmware 2.30"
          },
          {
            "model": "ld-ps/u1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20643)"
          },
          {
            "model": "ncc-ewf100rmwh2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20650)"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20644)"
          },
          {
            "model": "wrc-300febk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20645, cve-2021-20646)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
          },
          {
            "model": "wrc-f300nf",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.15  )"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "b1 ( firmware  2.056b06  )"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.15"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.056b06"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.14b06  )"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "bx ( firmware  2.07b02  )"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "c1 ( firmware  3.03b07  )"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14b06"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.07b02"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "3.03b07"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.15  )"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "b1 ( firmware  2.07b02  )"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.15"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.07b02"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.04b02  )"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a2 ( firmware  1.04b02  )"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.04b02"
          },
          {
            "model": "dir-900l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.14b02  )"
          },
          {
            "model": "dir-900l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14b02"
          },
          {
            "model": "sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "realtek semiconductor corp",
            "version": null
          },
          {
            "model": "rtl81xx sdk",
            "scope": null,
            "trust": 0.7,
            "vendor": "realtek",
            "version": null
          },
          {
            "model": "dir-600l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.15"
          },
          {
            "model": "dir-600l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.05"
          },
          {
            "model": "dir-905l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.02"
          },
          {
            "model": "dir-605l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13"
          },
          {
            "model": "dir-605l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.04",
                        "versionStartIncluding": "2.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.15",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.05",
                        "versionStartIncluding": "2.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.15",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.03",
                        "versionStartIncluding": "2.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ],
        "trust": 1.6
      },
      "cve": "CVE-2014-8361",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2014-8361",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 1.6,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000194",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-76306",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000194",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 4.8,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-8361",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000194",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-8361",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201504-581",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-76306",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-8361",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service  condition. Realtek SDK is a set of SDK development kit developed by Realtek",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          }
        ],
        "trust": 4.14
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-76306",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37169",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-8361",
            "trust": 5.2
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-155",
            "trust": 3.6
          },
          {
            "db": "JVN",
            "id": "JVN47580234",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "74330",
            "trust": 2.1
          },
          {
            "db": "DLINK",
            "id": "SAP10055",
            "trust": 2.1
          },
          {
            "db": "JVN",
            "id": "JVN67456944",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "37169",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "132090",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVN74871939",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2435",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581",
            "trust": 0.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000028",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97587",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "id": "VAR-201505-0274",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          }
        ],
        "trust": 0.759098647142857
      },
      "last_update_date": "2024-04-18T13:16:59.233000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20170804_2.html"
          },
          {
            "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "title": "RTL81xx",
            "trust": 0.8,
            "url": "http://www.realtek.com/search/default.aspx?keyword=rtl81"
          },
          {
            "title": "SAP10055",
            "trust": 0.8,
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
          },
          {
            "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.Vendor Contact Timeline:08/13/2014 - ZDI wrote to vendor requesting contact and PGP09/04/2014 - ZDI wrote to vendor requesting contact and PGP09/29/2014 - ZDI wrote to vendor requesting contact and PGP10/22/2014 - ZDI wrote to vendor requesting contact and PGP, indicated \"final\" email attempt and informed of intent to 0-day04/24/2015 - Public release of advisory-- Mitigation:Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in  and numerous other Microsoft Knowledge Base articles.",
            "trust": 0.7,
            "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
          },
          {
            "title": "Realtek SDK miniigd SOAP Fixes for service remote code execution vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96763"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/xuguowong/mirai-mal "
          },
          {
            "title": "api.greynoise.io",
            "trust": 0.1,
            "url": "https://github.com/greynoise-intelligence/api.greynoise.io "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/valve-source-engine-fortnite-servers-crippled-by-gafgyt-variant/149719/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/new-mirai-samples-grow-the-number-of-processors-targets/143566/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/huawei-router-default-credential/140234/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/"
          },
          {
            "title": "Securelist",
            "trust": 0.1,
            "url": "https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h2-2017/85053/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/satori-author-linked-to-new-mirai-variant-masuta/129640/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/satori-botnet-is-now-attacking-ethereum-mining-rigs/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/amateur-hacker-behind-satori-botnet/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/unpatched-router-vulnerability-could-lead-to-code-execution/112524/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-94",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-79",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-352",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-15-155/"
          },
          {
            "trust": 2.4,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
          },
          {
            "trust": 2.1,
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/37169/"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/74330"
          },
          {
            "trust": 1.8,
            "url": "http://jvn.jp/en/jp/jvn47580234/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://jvn.jp/en/jp/jvn67456944/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/132090/realtek-sdk-miniigd-upnp-soap-command-execution.html"
          },
          {
            "trust": 1.1,
            "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
          },
          {
            "trust": 1.1,
            "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/en/jp/jvn74871939/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8361"
          },
          {
            "trust": 0.7,
            "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000028.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.realtek.com.tw/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "date": "2015-05-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "date": "2015-05-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "date": "2015-04-24T00:00:00",
            "db": "BID",
            "id": "74330"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2015-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "date": "2015-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "date": "2015-05-01T15:59:01.287000",
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "date": "2023-09-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "date": "2015-05-07T18:22:00",
            "db": "BID",
            "id": "74330"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2015-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "date": "2021-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "date": "2023-09-05T22:15:07.477000",
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WSR-300HP vulnerable to arbitrary code execution",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0167

    Vulnerability from variot - Updated: 2024-04-18 13:10

    ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. elecom lan routers is a router of Japan Elecom.

    There is an operating system command injection vulnerability in elecom lan routers

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0167",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-733gwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "wrh-733gbk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gbk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gwh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "cve": "CVE-2021-20853",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-95488",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20853",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95488",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2347",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nThere is an operating system command injection vulnerability in elecom lan routers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20853",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000108",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113002",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "id": "VAR-202112-0167",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          }
        ]
      },
      "last_update_date": "2024-04-18T13:10:59.853000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers operating system command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303616"
          },
          {
            "title": "elecom lan Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172270"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.2,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000108.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20853"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          },
          {
            "date": "2021-12-01T03:15:06.757000",
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          },
          {
            "date": "2021-12-02T19:45:37.587000",
            "db": "NVD",
            "id": "CVE-2021-20853"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers operating system command injection vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95488"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2347"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202112-0168

    Vulnerability from variot - Updated: 2024-04-18 13:10

    Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. elecom lan routers is a router of Japan Elecom

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0168",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-733gwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "wrh-733gbk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gbk",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          },
          {
            "model": "lan routers \u003c=wrh-733gwh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "elecom",
            "version": "v1.02.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-733gwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-733gwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "cve": "CVE-2021-20852",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-95489",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20852",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-95489",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202111-2348",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary OS command via unspecified vectors. elecom lan routers is a router of Japan Elecom",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          }
        ],
        "trust": 1.44
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20852",
            "trust": 2.2
          },
          {
            "db": "JVN",
            "id": "JVN88993473",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000108",
            "trust": 1.2
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021113002",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "id": "VAR-202112-0168",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          }
        ]
      },
      "last_update_date": "2024-04-18T13:10:59.648000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for elecom lan routers buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/303611"
          },
          {
            "title": "elecom lan Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172271"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn88993473/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.2,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000108.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20852"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021113002"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "date": "2021-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          },
          {
            "date": "2021-12-01T03:15:06.713000",
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          },
          {
            "date": "2021-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          },
          {
            "date": "2021-12-02T19:45:57.987000",
            "db": "NVD",
            "id": "CVE-2021-20852"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "elecom lan routers buffer overflow vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-95489"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202111-2348"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0620

    Vulnerability from variot - Updated: 2024-03-29 22:36

    Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. None

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0620",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-300wh-h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "2.12"
          },
          {
            "model": "wtc-300hwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.09"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-300hwh",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": "v1.17  and earlier  s (cve-2023-37561,cve-2023-37562)"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gebk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrh-300wh-h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.09",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "cve": "CVE-2023-37560",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "explitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37560",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202307-953",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. None",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37560"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37560",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVN05223215",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37560",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "id": "VAR-202307-0620",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-03-29T22:36:08.332000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "title": "ELECOM WRH Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246958"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " information leak (CWE-200) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn05223215/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn05223215/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-37560/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37560"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          },
          {
            "date": "2023-07-13T02:15:09.417000",
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37560"
          },
          {
            "date": "2024-03-29T06:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          },
          {
            "date": "2023-07-20T19:28:00.590000",
            "db": "NVD",
            "id": "CVE-2023-37560"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-953"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0615

    Vulnerability from variot - Updated: 2024-03-29 22:36

    ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. None

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0615",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-1167gebk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1167febk-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.18"
          },
          {
            "model": "wrc-1167febk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.04"
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.24"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-300hwh",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": "v1.17  and earlier  s (cve-2023-37561,cve-2023-37562)"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gebk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrh-300wh-h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.24",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.18",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "cve": "CVE-2023-37563",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "Partial",
                "explitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.5,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37563",
                "trust": 1.0,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. None",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37563"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37563",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVN05223215",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-950",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37563",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "id": "VAR-202307-0615",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-03-29T22:36:08.310000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "title": "ELECOM WRC-1167FEBK-A Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246118"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " information leak (CWE-200) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn05223215/"
          },
          {
            "trust": 1.0,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn05223215/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-37563/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37563"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37563"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          },
          {
            "date": "2023-07-13T03:15:09.927000",
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37563"
          },
          {
            "date": "2024-03-29T06:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          },
          {
            "date": "2023-08-18T10:15:10.483000",
            "db": "NVD",
            "id": "CVE-2023-37563"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-950"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0617

    Vulnerability from variot - Updated: 2024-03-29 22:36

    Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0617",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-1167gebk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1167febk-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.18"
          },
          {
            "model": "wrc-1167febk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.04"
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.24"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-300hwh",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": "v1.17  and earlier  s (cve-2023-37561,cve-2023-37562)"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gebk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrh-300wh-h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.24",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.18",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "cve": "CVE-2023-37565",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "explitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37565",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37565"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37565",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVN05223215",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-947",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37565",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "id": "VAR-202307-0617",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-03-29T22:36:08.287000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "title": "ELECOM wireless LAN routers Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246116"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " information leak (CWE-200) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn05223215/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn05223215/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-37565/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37565"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          },
          {
            "date": "2023-07-13T04:15:10.303000",
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37565"
          },
          {
            "date": "2024-03-29T06:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          },
          {
            "date": "2023-07-25T14:50:48.460000",
            "db": "NVD",
            "id": "CVE-2023-37565"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-947"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0616

    Vulnerability from variot - Updated: 2024-03-29 22:36

    Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. None

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0616",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrh-300wh-h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "2.12"
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.17"
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.17"
          },
          {
            "model": "wtc-300hwh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.09"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-300hwh",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": "v1.17  and earlier  s (cve-2023-37561,cve-2023-37562)"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gebk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrh-300wh-h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.12",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.09",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.17",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.17",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "cve": "CVE-2023-37561",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "explitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37561",
                "trust": 1.0,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. None",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37561"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37561",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVN05223215",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-957",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37561",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "id": "VAR-202307-0616",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-03-29T22:36:08.264000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "title": "ELECOM wireless LAN routers Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246121"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-601",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " information leak (CWE-200) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn05223215/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn05223215/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-37561/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37561"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          },
          {
            "date": "2023-07-13T02:15:09.467000",
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37561"
          },
          {
            "date": "2024-03-29T06:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          },
          {
            "date": "2023-07-25T14:11:24.400000",
            "db": "NVD",
            "id": "CVE-2023-37561"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-957"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0619

    Vulnerability from variot - Updated: 2024-03-29 22:36

    Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. None

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0619",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wtc-c1167gc-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.17"
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.17"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-300hwh",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": "v1.17  and earlier  s (cve-2023-37561,cve-2023-37562)"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gebk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrh-300wh-h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.17",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wtc-c1167gc-w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.17",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wtc-c1167gc-w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "cve": "CVE-2023-37562",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "explitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37562",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed. None",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37562"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37562",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVN05223215",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-951",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37562",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "id": "VAR-202307-0619",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-03-29T22:36:08.241000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "title": "ELECOM WTC-C1167GC-B Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246119"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " information leak (CWE-200) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn05223215/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn05223215/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-37562/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37562"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37562"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          },
          {
            "date": "2023-07-13T03:15:09.880000",
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37562"
          },
          {
            "date": "2024-03-29T06:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          },
          {
            "date": "2023-07-25T14:03:42.807000",
            "db": "NVD",
            "id": "CVE-2023-37562"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-951"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202307-0618

    Vulnerability from variot - Updated: 2024-03-29 22:36

    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0618",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-1167gebk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1167febk-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.18"
          },
          {
            "model": "wrc-1167febk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.04"
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.24"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-300hwh",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk3-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": "v1.17  and earlier  s (cve-2023-37561,cve-2023-37562)"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gebk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167febk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrh-300wh-h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wtc-c1167gc-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gebk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.04",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.24",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk3-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.18",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167febk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "cve": "CVE-2023-37564",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 7.7,
                "confidentialityImpact": "Complete",
                "explitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-000071",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-37564",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2023-000071",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier. None",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37564"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-37564",
            "trust": 3.3
          },
          {
            "db": "JVN",
            "id": "JVN05223215",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-949",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-37564",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "id": "VAR-202307-0618",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-03-29T22:36:08.217000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "title": "ELECOM WRC Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246117"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Code injection (CWE-94) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " information leak (CWE-200) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [IPA evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.7,
            "url": "https://jvn.jp/en/jp/jvn05223215/"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn05223215/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-37564/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-37564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37564"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          },
          {
            "date": "2023-07-13T04:15:10.213000",
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-07-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-37564"
          },
          {
            "date": "2024-03-29T06:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          },
          {
            "date": "2023-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          },
          {
            "date": "2023-07-25T14:49:22.723000",
            "db": "NVD",
            "id": "CVE-2023-37564"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-000071"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202307-949"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202308-2597

    Vulnerability from variot - Updated: 2024-02-29 22:50

    OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2597",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wab-s300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wab-s600-ps",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wab-s600-ps_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wab-s600-ps:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wab-s300_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wab-s300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "cve": "CVE-2023-40072",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-40072",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-40072"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-40072",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-40072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "id": "VAR-202308-2597",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-02-29T22:50:12.395000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 1.0,
            "url": "https://www.elecom.co.jp/news/security/20231114-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-40072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-40072"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-40072"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:12.847000",
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-40072"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2024-02-28T23:15:08.150000",
            "db": "NVD",
            "id": "CVE-2023-40072"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2592

    Vulnerability from variot - Updated: 2024-01-24 22:29

    Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2592",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-x1800gs-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.13"
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.13"
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.13"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-x1800gs-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-x1800gsa-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-x1800gsh-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "cve": "CVE-2023-39454",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-39454",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39454"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39454",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "id": "VAR-202308-2592",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.990000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230711-01/"
          },
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39454"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39454"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:12.280000",
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39454"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-23T16:48:10.200000",
            "db": "NVD",
            "id": "CVE-2023-39454"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2598

    Vulnerability from variot - Updated: 2024-01-24 22:29

    Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2598",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lan-w300n\\/rs",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n\\/pr5",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/rs_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/rs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/pr5_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/pr5:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "cve": "CVE-2023-32626",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-32626",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32626"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32626",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "id": "VAR-202308-2598",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.970000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-32626"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:09.617000",
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-32626"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-23T16:49:06.603000",
            "db": "NVD",
            "id": "CVE-2023-32626"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2596

    Vulnerability from variot - Updated: 2024-01-24 22:29

    Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2596",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lan-wh300n\\/re",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/re_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/re:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "cve": "CVE-2023-38576",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-38576",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-38576"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-38576",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-38576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "id": "VAR-202308-2596",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.949000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-38576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-38576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-38576"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:11.427000",
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-38576"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-24T18:26:00.547000",
            "db": "NVD",
            "id": "CVE-2023-38576"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2599

    Vulnerability from variot - Updated: 2024-01-24 22:29

    Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2599",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-f1167acf2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-733febk2-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "cve": "CVE-2023-39445",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-39445",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39445"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39445",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "id": "VAR-202308-2599",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.931000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39445"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39445"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:12.037000",
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39445"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-24T18:30:33",
            "db": "NVD",
            "id": "CVE-2023-39445"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2595

    Vulnerability from variot - Updated: 2024-01-24 22:29

    OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2595",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-f1167acf2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-733febk2-a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "cve": "CVE-2023-39455",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-39455",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "Medium"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39455"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39455",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "id": "VAR-202308-2595",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.911000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39455"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39455"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:12.337000",
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39455"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-23T16:48:02.820000",
            "db": "NVD",
            "id": "CVE-2023-39455"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2593

    Vulnerability from variot - Updated: 2024-01-24 22:29

    OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2593",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-1750ghbk-e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-1750ghbk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-f1167acf",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167ghbk2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167ghbk2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk2-i_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk2-i:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk-e_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk-e:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "cve": "CVE-2023-40069",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-40069",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-40069"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-40069",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-40069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "id": "VAR-202308-2593",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.888000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-40069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-40069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-40069"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:12.653000",
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-40069"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-23T16:46:05.750000",
            "db": "NVD",
            "id": "CVE-2023-40069"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2594

    Vulnerability from variot - Updated: 2024-01-24 22:29

    OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2594",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-1750ghbk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "wrc-f1167acf",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "cve": "CVE-2023-39944",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-39944",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39944"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-39944",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "id": "VAR-202308-2594",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.868000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-39944"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39944"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:12.403000",
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-39944"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-23T16:47:51.790000",
            "db": "NVD",
            "id": "CVE-2023-39944"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2600

    Vulnerability from variot - Updated: 2024-01-24 22:29

    Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2600",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lan-w300n\\/dr",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-wh300an\\/dgp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n\\/p",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-wh300andgpe",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-wh300n\\/dgp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-wh300n\\/dr",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-wh450n\\/gp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-wh300andgpe:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/dgp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-wh300an\\/dgp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-wh450n\\/gp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/dr:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/dr:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "cve": "CVE-2023-35991",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-35991",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product\u0027s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-35991"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-35991",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-35991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "id": "VAR-202308-2600",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.848000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-35991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-35991"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-35991"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:10.267000",
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-35991"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-29T18:58:15.803000",
            "db": "NVD",
            "id": "CVE-2023-35991"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202308-2591

    Vulnerability from variot - Updated: 2024-01-24 22:29

    LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2591",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lan-w451ngr",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "*"
          },
          {
            "model": "lan-w300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167ghbk2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/rs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/re",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk-e",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsa-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s600-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-733febk2-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gsh-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-600ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s300",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk2-i",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/p",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w300n/pr5",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300an/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-m1775-ps",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wab-s1167",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750ghbk",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh450n/gp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": "all  s  (cve-2023-35991)"
          },
          {
            "model": "wab-s1775",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-x1800gs-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300n/dgp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-wh300andgpe",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-f1167acf2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "lan-w451ngr",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:lan-w451ngr_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:lan-w451ngr:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "cve": "CVE-2023-38132",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2023-002797",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-38132",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2023-002797",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-38132"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU91630351",
            "trust": 1.9
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797",
            "trust": 0.8
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-38132",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-38132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "id": "VAR-202308-2591",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.6666667
      },
      "last_update_date": "2024-01-24T22:29:00.809000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.1,
            "url": "https://jvn.jp/en/vu/jvnvu91630351/"
          },
          {
            "trust": 1.1,
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-38132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-38132"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-38132"
          },
          {
            "date": "2023-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-18T10:15:11.370000",
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-38132"
          },
          {
            "date": "2024-01-24T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          },
          {
            "date": "2023-08-24T18:19:28.707000",
            "db": "NVD",
            "id": "CVE-2023-38132"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-002797"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202112-0021

    Vulnerability from variot - Updated: 2023-12-18 12:49

    OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. The following vulnerabilities exist in multiple router products provided by ELECOM Corporation. It was * CSRF Insufficient access restrictions for countermeasure tokens (CWE-284) - CVE-2021-20862 ‥ * OS Command injection (CWE-78) ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-20864 This vulnerability information is from Zero Zero One Co., Ltd. Mr. Katsuhiko Sato (gooh_kun), Hayakawa Soraya Mr Report directly to the product developer, and after coordinating with the product developer, for the purpose of disseminating it to the product user JVN It was announced in.The expected impact depends on each vulnerability, but it may be affected as follows. * Used in the product by a third party on an adjacent network CSRF There is a possibility that the token will be obtained illegally and the settings will be changed. - CVE-2021-20862 ‥ * By a third party who has access to the management screen of the product root Arbitrary with authority OS The command may be executed - CVE-2021-20863 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS The command may be executed - CVE-2021-20864. Elecom Edwrc is a series of routers from Japan's Elecom company.

    Elecom Edwrc has an operating system command injection vulnerability. The vulnerability originates from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data of the ELECOM router. Attackers can use this vulnerability to execute illegal commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0021",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-2533gs2-b",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.52"
          },
          {
            "model": "wrc-2533gst",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-2533gst2sp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gs2-w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.52"
          },
          {
            "model": "wrc-2533gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1167gst2a",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gsta",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-2533gst2-g",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1900gst",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "edwrc-2533gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1167gst2h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-1750gs",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.03"
          },
          {
            "model": "wrc-1750gsv",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "2.11"
          },
          {
            "model": "wrc-1167gst2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "elecom",
            "version": "1.25"
          },
          {
            "model": "wrc-2533gst2-g",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gst2h",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gst2a",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-2533gs2-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-2533gst2sp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750gs",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "edwrc-2533gst2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1900gst",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-2533gst",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gs2-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gst2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1167gs2h-b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-2533gs2-w",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-2533gsta",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-1750gsv",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "wrc-2533gst2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "edwrc",
            "scope": null,
            "trust": 0.6,
            "vendor": "elecom",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.52",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.52",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.25",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          }
        ]
      },
      "cve": "CVE-2021-20863",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-102397",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-004912",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20863",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-004912",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-102397",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202112-008",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. The following vulnerabilities exist in multiple router products provided by ELECOM Corporation. It was * CSRF Insufficient access restrictions for countermeasure tokens  (CWE-284) - CVE-2021-20862 \u2025 * OS Command injection  (CWE-78) \u2025 * telnet Inadequate access control to services  (CWE-284) - CVE-2021-20864 This vulnerability information is from Zero Zero One Co., Ltd. Mr. Katsuhiko Sato (gooh_kun), Hayakawa Soraya Mr Report directly to the product developer, and after coordinating with the product developer, for the purpose of disseminating it to the product user  JVN It was announced in.The expected impact depends on each vulnerability, but it may be affected as follows. * Used in the product by a third party on an adjacent network  CSRF There is a possibility that the token will be obtained illegally and the settings will be changed.  - CVE-2021-20862 \u2025 * By a third party who has access to the management screen of the product root Arbitrary with authority  OS The command may be executed  - CVE-2021-20863 \u2025 * By a third party on the adjacent network, the device  telnet Service enabled, root Arbitrary with authority  OS The command may be executed  - CVE-2021-20864. Elecom Edwrc is a series of routers from Japan\u0027s Elecom company. \n\r\n\r\nElecom Edwrc has an operating system command injection vulnerability. The vulnerability originates from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data of the ELECOM router. Attackers can use this vulnerability to execute illegal commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20863",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVNVU94527926",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "id": "VAR-202112-0021",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:49:00.753000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wireless \u00a0LAN\u00a0 Request for firmware update to improve router security",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "title": "Patch for Elecom Edwrc operating system command injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/310391"
          },
          {
            "title": "Elecom Edwrc Repair measures for operating system command injection vulnerability in operating system",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=172671"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ Other ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate access control (CWE-284) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/vu/jvnvu94527926/index.html"
          },
          {
            "trust": 1.6,
            "url": "https://www.elecom.co.jp/news/security/20211130-01/"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20863"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu94527926/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-004912.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "date": "2021-12-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "date": "2021-12-01T03:15:07.223000",
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "date": "2021-12-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-12-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-102397"
          },
          {
            "date": "2022-03-30T06:03:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          },
          {
            "date": "2021-12-02T16:35:06.923000",
            "db": "NVD",
            "id": "CVE-2021-20863"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in ELECOM router",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004912"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202112-008"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202102-0491

    Vulnerability from variot - Updated: 2023-12-18 12:16

    Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM NCC-EWF100RMWH2 is a wireless access device. Attackers can construct malicious URIs to induce requests and use this vulnerability to perform malicious operations in the context of the target user

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0491",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ncc-ewf100rmwh2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": null
          },
          {
            "model": "ld-ps/u1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20643)"
          },
          {
            "model": "ncc-ewf100rmwh2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20650)"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20644)"
          },
          {
            "model": "wrc-300febk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20645, cve-2021-20646)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
          },
          {
            "model": "wrc-f300nf",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "ncc-ewf100rmwh2",
            "scope": null,
            "trust": 0.6,
            "vendor": "elecom",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:ncc-ewf100rmwh2_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:ncc-ewf100rmwh2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          }
        ]
      },
      "cve": "CVE-2021-20650",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-14149",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 4.8,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-20650",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-14149",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2389",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM NCC-EWF100RMWH2 is a wireless access device. Attackers can construct malicious URIs to induce requests and use this vulnerability to perform malicious operations in the context of the target user",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20650",
            "trust": 3.0
          },
          {
            "db": "JVN",
            "id": "JVN47580234",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ]
      },
      "id": "VAR-202102-0491",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          }
        ],
        "trust": 1.299523826
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:16:29.655000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "title": "Patch for ELECOM NCC-EWF100RMWH2 cross-site request forgery vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/250591"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-79",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20650"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2021-02-12T07:15:15.450000",
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2021-02-18T18:37:52.897000",
            "db": "NVD",
            "id": "CVE-2021-20650"
          },
          {
            "date": "2021-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ELECOM NCC-EWF100RMWH2 cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14149"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2389"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202102-0490

    Vulnerability from variot - Updated: 2023-12-18 12:16

    ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. ELECOM WRC-300FEBK-S is a network camera suitable for home from Elecom of Japan. Attackers can use this vulnerability to change the communication response and execute arbitrary commands on the product

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0490",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": null
          },
          {
            "model": "ld-ps/u1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20643)"
          },
          {
            "model": "ncc-ewf100rmwh2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20650)"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20644)"
          },
          {
            "model": "wrc-300febk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20645, cve-2021-20646)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
          },
          {
            "model": "wrc-f300nf",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": null,
            "trust": 0.6,
            "vendor": "elecom",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-300febk-s_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-300febk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          }
        ]
      },
      "cve": "CVE-2021-20649",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-14142",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.2,
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 4.8,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-20649",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-14142",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2390",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. ELECOM WRC-300FEBK-S is a network camera suitable for home from Elecom of Japan. Attackers can use this vulnerability to change the communication response and execute arbitrary commands on the product",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20649"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20649",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN47580234",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20649",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20649"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ]
      },
      "id": "VAR-202102-0490",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          }
        ],
        "trust": 1.299523826
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:16:29.627000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "title": "Patch for ELECOM WRC-300FEBK-S certificate verification error vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/250616"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-295",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-79",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-352",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20649"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195680"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20649"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20649"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "date": "2021-02-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20649"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2021-02-12T07:15:15.387000",
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14142"
          },
          {
            "date": "2021-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20649"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2021-02-15T01:26:09.573000",
            "db": "NVD",
            "id": "CVE-2021-20649"
          },
          {
            "date": "2021-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple ELECOM products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2390"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202102-0489

    Vulnerability from variot - Updated: 2023-12-18 12:16

    ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM WRC-300FEBK-S is a wireless access device.

    ELECOM WRC-300FEBK-S has an arbitrary command execution vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0489",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "elecom",
            "version": null
          },
          {
            "model": "ld-ps/u1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20643)"
          },
          {
            "model": "ncc-ewf100rmwh2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20650)"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20644)"
          },
          {
            "model": "wrc-300febk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20645, cve-2021-20646)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
          },
          {
            "model": "wrc-f300nf",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": null,
            "trust": 0.6,
            "vendor": "elecom",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:elecom:wrc-300febk-s_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:elecom:wrc-300febk-s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          }
        ]
      },
      "cve": "CVE-2021-20648",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2021-14145",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 4.8,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-20648",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-14145",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202101-2396",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. ELECOM WRC-300FEBK-S is a wireless access device. \n\r\n\r\nELECOM WRC-300FEBK-S has an arbitrary command execution vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20648"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20648",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN47580234",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20648",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ]
      },
      "id": "VAR-202102-0489",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          }
        ],
        "trust": 1.299523826
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:16:29.599000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "title": "Patch for ELECOM WRC-300FEBK-S arbitrary command execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/250601"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-79",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-352",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "trust": 1.6,
            "url": "https://jvn.jp/en/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20648"
          },
          {
            "trust": 0.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195666"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20648"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "date": "2021-02-12T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20648"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2021-02-12T07:15:15.327000",
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-03-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-14145"
          },
          {
            "date": "2021-02-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20648"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2021-02-15T01:29:13.357000",
            "db": "NVD",
            "id": "CVE-2021-20648"
          },
          {
            "date": "2021-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple ELECOM products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202101-2396"
          }
        ],
        "trust": 0.6
      }
    }