Action not permitted
Modal body text goes here.
cve-2023-37560
Vulnerability from cvelistv5
Published
2023-07-13 01:16
Modified
2024-08-02 17:16
Severity
Summary
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
References
| Source | URL | Tags |
|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN05223215/ | Third Party Advisory |
| vultures@jpcert.or.jp | https://www.elecom.co.jp/news/security/20230711-01/ | Vendor Advisory |
Impacted products
| Vendor | Product |
|---|---|
| ELECOM CO.,LTD. | WRH-300WH-H |
| ELECOM CO.,LTD. | WTC-300HWH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WRH-300WH-H",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v2.12 and earlier"
}
]
},
{
"product": "WTC-300HWH",
"vendor": "ELECOM CO.,LTD.",
"versions": [
{
"status": "affected",
"version": "v1.09 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-13T01:16:30.201Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-37560",
"datePublished": "2023-07-13T01:16:30.201Z",
"dateReserved": "2023-07-07T08:46:11.998Z",
"dateUpdated": "2024-08-02T17:16:30.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-37560\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-07-13T02:15:09.417\",\"lastModified\":\"2023-07-20T19:28:00.590\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.12\",\"matchCriteriaId\":\"218EB4DC-76CF-4940-AB33-EE1CF9D224DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"079F2DC5-840A-4201-B46C-F9339968D256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.09\",\"matchCriteriaId\":\"EA8A3899-88B3-49C3-8383-06BADB7789AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A647D35F-778D-418E-9B7A-332EEA313EAC\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN05223215/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.elecom.co.jp/news/security/20230711-01/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
ghsa-wj8c-qf95-jjgj
Vulnerability from github
Published
2023-07-13 03:30
Modified
2024-04-04 06:05
Severity
Details
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
{
"affected": [],
"aliases": [
"CVE-2023-37560"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-13T02:15:09Z",
"severity": "MODERATE"
},
"details": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.",
"id": "GHSA-wj8c-qf95-jjgj",
"modified": "2024-04-04T06:05:55Z",
"published": "2023-07-13T03:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN05223215"
},
{
"type": "WEB",
"url": "https://www.elecom.co.jp/news/security/20230711-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
gsd-2023-37560
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-37560",
"id": "GSD-2023-37560"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-37560"
],
"details": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.",
"id": "GSD-2023-37560",
"modified": "2023-12-13T01:20:24.504622Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2023-37560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WRH-300WH-H",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v2.12 and earlier"
}
]
}
},
{
"product_name": "WTC-300HWH",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.09 and earlier"
}
]
}
}
]
},
"vendor_name": "ELECOM CO.,LTD."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20230711-01/",
"refsource": "MISC",
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN05223215/",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2023-37560"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elecom.co.jp/news/security/20230711-01/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"name": "https://jvn.jp/en/jp/JVN05223215/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN05223215/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-07-20T19:28Z",
"publishedDate": "2023-07-13T02:15Z"
}
}
}
var-202307-0620
Vulnerability from variot
Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. None
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202307-0620",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrh-300wh-h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.12"
},
{
"model": "wtc-300hwh",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.09"
},
{
"model": "wrc-600ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-733febk2-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-f1167acf",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-300hwh",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167ghbk3-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-w",
"scope": "lte",
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": "v1.17 and earlier s (cve-2023-37561,cve-2023-37562)"
},
{
"model": "wrc-1900ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167gebk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1167febk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1467ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrh-300wh-h",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wtc-c1167gc-b",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "wrc-1900ghbk-s",
"scope": null,
"trust": 0.8,
"vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wrh-300wh-h_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wrh-300wh-h:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:elecom:wtc-300hwh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:elecom:wtc-300hwh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"cve": "CVE-2023-37560",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"explitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2023-000071",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-37560",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202307-953",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. None",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "VULMON",
"id": "CVE-2023-37560"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-37560",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVN05223215",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-37560",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"id": "VAR-202307-0620",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2024-03-29T22:36:08.332000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.",
"trust": 0.8,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"title": "ELECOM WRH Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=246958"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site scripting (CWE-79) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Code injection (CWE-94) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " information leak (CWE-200) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " Cross-site request forgery (CWE-352) [IPA evaluation ]",
"trust": 0.8
},
{
"problemtype": " others (CWE-Other) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.elecom.co.jp/news/security/20230711-01/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn05223215/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn05223215/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37560"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37561"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37562"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37563"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37564"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-37565"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-000071.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-37560/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"date": "2023-07-13T02:15:09.417000",
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2023-37560"
},
{
"date": "2024-03-29T06:15:00",
"db": "JVNDB",
"id": "JVNDB-2023-000071"
},
{
"date": "2023-07-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202307-953"
},
{
"date": "2023-07-20T19:28:00.590000",
"db": "NVD",
"id": "CVE-2023-37560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elecom radio \u00a0LAN\u00a0 router and wireless \u00a0LAN\u00a0 Multiple vulnerabilities in repeaters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-000071"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202307-953"
}
],
"trust": 0.6
}
}
cve-2023-37560
Vulnerability from jvndb
Published
2023-07-11 15:37
Modified
2024-03-29 15:28
Severity
Summary
Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
Details
Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2023-37560
* Open Redirect (CWE-601) - CVE-2023-37561
* Cross-Site Request Forgery (CWE-352) - CVE-2023-37562
* Information disclosure (CWE-200) - CVE-2023-37563
* OS Command Injection (CWE-78) - CVE-2023-37564
* Code Injection (CWE-94) - CVE-2023-37565
CVE-2023-37560
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37561, CVE-2023-37562
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37563
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.
CVE-2023-37564
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37565
MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
"dc:date": "2024-03-29T15:28+09:00",
"dcterms:issued": "2023-07-11T15:37+09:00",
"dcterms:modified": "2024-03-29T15:28+09:00",
"description": "Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n * Cross-site Scripting (CWE-79) - CVE-2023-37560\r\n * Open Redirect (CWE-601) - CVE-2023-37561\r\n * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562\r\n * Information disclosure (CWE-200) - CVE-2023-37563\r\n * OS Command Injection (CWE-78) - CVE-2023-37564\r\n * Code Injection (CWE-94) - CVE-2023-37565\r\n\r\nCVE-2023-37560\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37561, CVE-2023-37562\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37563\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-37564\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37565\r\nMASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html",
"sec:cpe": [
{
"#text": "cpe:/o:elecom:wrc-1167febk-a_firmware",
"@product": "WRC-1167FEBK-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167febk-s",
"@product": "WRC-1167FEBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware",
"@product": "WRC-1167GEBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware",
"@product": "WRC-1167GHBK-S",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware",
"@product": "WRC-1167GHBK3-A",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wrh-300wh-h_firmware",
"@product": "WRH-300WH-H firmware",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wtc-300hwh",
"@product": "WTC-300HWH",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wtc-c1167gc-b",
"@product": "WTC-C1167GC-B",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
},
{
"#text": "cpe:/o:elecom:wtc-c1167gc-w",
"@product": "WTC-C1167GC-W",
"@vendor": "ELECOM CO.,LTD.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "7.7",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000071",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN05223215/index.html",
"@id": "JVN#05223215",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37560",
"@id": "CVE-2023-37560",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37561",
"@id": "CVE-2023-37561",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37562",
"@id": "CVE-2023-37562",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37563",
"@id": "CVE-2023-37563",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37564",
"@id": "CVE-2023-37564",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-37565",
"@id": "CVE-2023-37565",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560",
"@id": "CVE-2023-37560",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37561",
"@id": "CVE-2023-37561",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37562",
"@id": "CVE-2023-37562",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37563",
"@id": "CVE-2023-37563",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37564",
"@id": "CVE-2023-37564",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37565",
"@id": "CVE-2023-37565",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-94",
"@title": "Code Injection(CWE-94)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters"
}
Loading...