cvelistv5 - cve-2023-39445

cve-2023-39445

Vulnerability from cvelistv5

Published

2023-08-18 09:40

Modified

2024-10-08 15:11

Severity ?

Summary

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU91630351/	Third Party Advisory
	vultures@jpcert.or.jp	https://www.elecom.co.jp/news/security/20230810-01/	Vendor Advisory

Impacted products

▼	Vendor	Product
	LOGITEC CORPORATION	LAN-WH300N/RE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:10:20.697Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:logitec:lan-wh300n_re:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lan-wh300n_re",
            "vendor": "logitec",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:47:13.849174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T15:11:13.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LAN-WH300N/RE",
          "vendor": "LOGITEC CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Hidden Functionality",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T09:40:17.145Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.elecom.co.jp/news/security/20230810-01/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU91630351/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-39445",
    "datePublished": "2023-08-18T09:40:17.145Z",
    "dateReserved": "2023-08-09T11:54:56.682Z",
    "dateUpdated": "2024-10-08T15:11:13.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-39445\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-08-18T10:15:12.037\",\"lastModified\":\"2024-10-08T15:35:13.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de funcionalidad oculta en LAN-WH300N/RE todas las versiones proporcionadas por LOGITEC CORPORATION permite a un atacante no autenticado ejecutar c\u00f3digo arbitrario enviando un archivo especialmente dise\u00f1ado a la consola de gesti\u00f3n determinada del producto.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC533672-D149-4A6B-A60F-E5888A4D0866\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EE63634-3DBE-4B5F-B871-F076238BC4C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F19CD96A-4C04-4BFA-9E4D-8FC5E9E5E234\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"376A8656-1F77-4F34-B644-5DB95CEE1FD8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6924154-8795-4E5D-8DA3-6EB49EEA2EC0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9EEA205-6C7C-4AB3-BAEF-30249B176DE8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0420E3E-E12A-471E-8EE1-67E2BC70D3CA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20D26F24-2789-4111-983D-F3CF358E5B19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59693326-E999-4115-BB4D-67C6B6A6FC4F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62FEEDBD-C39E-46C4-87E7-B59967845A42\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ADFE2B7-2D1A-42A1-9BB5-BEB940464D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2468934-2A7D-4DD7-8145-7F3E86F12BB1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7236FA68-7625-427E-AD31-995EE0CAD0F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01DD657-E35F-434C-B9D1-6EFA4C69A0CF\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU91630351/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.elecom.co.jp/news/security/20230810-01/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202308-2599",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wrc-f1167acf2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "wrc-1900ghbk-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "wrc-1467ghbk-s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "wrc-1467ghbk-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "wrc-1900ghbk-s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "wrc-600ghbk-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "wrc-733febk2-a",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "elecom",
        "version": "*"
      },
      {
        "model": "lan-w300n/dr",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1167ghbk2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-w300n/rs",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-wh300n/re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1750ghbk-e",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1900ghbk-s",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-x1800gsa-b",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wab-s600-ps",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-733febk2-a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-f1167acf",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-x1800gsh-b",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-600ghbk-a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wab-s300",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1750ghbk2-i",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1467ghbk-s",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-w300n/p",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-w300n/pr5",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1900ghbk-a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-wh300an/dgp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wab-m1775-ps",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wab-s1167",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1750ghbk",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-wh450n/gp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": "all  s  (cve-2023-35991)"
      },
      {
        "model": "wab-s1775",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-x1800gs-b",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-wh300n/dr",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-wh300n/dgp",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-wh300andgpe",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-f1167acf2",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "wrc-1467ghbk-a",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a8\u30ec\u30b3\u30e0\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "lan-w451ngr",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ed\u30b8\u30c6\u30c3\u30af\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "cve": "CVE-2023-39445",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2023-002797",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2023-39445",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2023-002797",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-39445"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVNVU91630351",
        "trust": 1.9
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445",
        "trust": 1.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-39445",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-39445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "id": "VAR-202308-2599",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.6666667
  },
  "last_update_date": "2024-01-24T22:29:00.931000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "wireless LAN Request for switching to alternative products for some network products such as routers ELECOM CO., LTD.",
        "trust": 0.8,
        "url": "https://www.elecom.co.jp/news/security/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate access control (CWE-284) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "OS Command injection (CWE-78) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Unpublished features (CWE-912) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://jvn.jp/en/vu/jvnvu91630351/"
      },
      {
        "trust": 1.1,
        "url": "https://www.elecom.co.jp/news/security/20230810-01/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91630351/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2023-39445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2023-39445"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-39445"
      },
      {
        "date": "2023-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "date": "2023-08-18T10:15:12.037000",
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-39445"
      },
      {
        "date": "2024-01-24T04:50:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      },
      {
        "date": "2023-08-24T18:30:33",
        "db": "NVD",
        "id": "CVE-2023-39445"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in ELECOM and Logitech network equipment",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-002797"
      }
    ],
    "trust": 0.8
  }
}

ghsa-wx57-58h7-39h9

Vulnerability from github

Published

2023-08-18 12:30

Modified

2024-04-04 07:02

Severity ?

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-39445"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-18T10:15:12Z",
    "severity": "HIGH"
  },
  "details": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console.",
  "id": "GHSA-wx57-58h7-39h9",
  "modified": "2024-04-04T07:02:52Z",
  "published": "2023-08-18T12:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU91630351"
    },
    {
      "type": "WEB",
      "url": "https://www.elecom.co.jp/news/security/20230810-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2023-39445

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-39445

Aliases

CVE-2023-39445

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-39445",
    "id": "GSD-2023-39445"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-39445"
      ],
      "details": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console.",
      "id": "GSD-2023-39445",
      "modified": "2023-12-13T01:20:33.402262Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2023-39445",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "LAN-WH300N/RE",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "LOGITEC CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Hidden Functionality"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.elecom.co.jp/news/security/20230810-01/",
            "refsource": "MISC",
            "url": "https://www.elecom.co.jp/news/security/20230810-01/"
          },
          {
            "name": "https://jvn.jp/en/vu/JVNVU91630351/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU91630351/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1467ghbk-s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1467ghbk-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-1900ghbk-s_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-1900ghbk-s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-600ghbk-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-600ghbk-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-733febk2-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-733febk2-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:elecom:wrc-f1167acf2_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:elecom:wrc-f1167acf2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2023-39445"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product\u0027s certain management console."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/vu/JVNVU91630351/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/vu/JVNVU91630351/"
            },
            {
              "name": "https://www.elecom.co.jp/news/security/20230810-01/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.elecom.co.jp/news/security/20230810-01/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-08-24T18:30Z",
      "publishedDate": "2023-08-18T10:15Z"
    }
  }
}

cve-2023-39445

Vulnerability from jvndb

Published

2023-08-15 11:54

Modified

2024-08-29 09:39

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in ELECOM and LOGITEC network devices

Details

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below. * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445 * Telnet service access restriction failure (CWE-284) - CVE-2023-38132 * Hidden Functionality (CWE-912) - CVE-2023-38576 * Buffer overflow (CWE-120) - CVE-2023-39454 * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072 * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.

References

▼	Type	URL
	JVN	http://jvn.jp/en/vu/JVNVU91630351/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-32626
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-35991
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-38132
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-38576
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39445
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39454
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39455
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-39944
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-40069
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-40072
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-32626
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-35991
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-38132
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-38576
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39445
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39454
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39455
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39944
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-40069
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-40072
	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120)	https://cwe.mitre.org/data/definitions/120.html
	Improper Access Control(CWE-284)	https://cwe.mitre.org/data/definitions/284.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Hidden Functionality(CWE-912)	https://cwe.mitre.org/data/definitions/912.html

Impacted products

▼	Vendor	Product
	ELECOM CO.,LTD.	WAB-I1750-PS
	ELECOM CO.,LTD.	WAB-S1167-PS
	ELECOM CO.,LTD.	WAB-M1775-PS firmware
	ELECOM CO.,LTD.	WAB-M2133 firmware
	ELECOM CO.,LTD.	WAB-S1167 firmware
	ELECOM CO.,LTD.	WAB-S1775 firmware
	ELECOM CO.,LTD.	WAB-S300
	ELECOM CO.,LTD.	WAB-S600-PS
	ELECOM CO.,LTD.	WRC-1167GHBK2 firmware
	ELECOM CO.,LTD.	WRC-1467GHBK-A
	ELECOM CO.,LTD.	WRC-1467GHBK-S
	ELECOM CO.,LTD.	WRC-1750GHBK-E firmware
	ELECOM CO.,LTD.	WRC-1750GHBK2-I firmware
	ELECOM CO.,LTD.	WRC-1750GHBK firmware
	ELECOM CO.,LTD.	WRC-1900GHBK-A
	ELECOM CO.,LTD.	WRC-1900GHBK-S
	ELECOM CO.,LTD.	WRC-600GHBK-A
	ELECOM CO.,LTD.	WRC-733FEBK2-A
	ELECOM CO.,LTD.	WRC-F1167ACF2
	ELECOM CO.,LTD.	WRC-F1167ACF firmware
	ELECOM CO.,LTD.	WRC-X1800GS-B
	ELECOM CO.,LTD.	WRC-X1800GSA-B
	ELECOM CO.,LTD.	WRC-X1800GSH-B
	Logitec Corp.	LAN-W300N/DR
	Logitec Corp.	LAN-W300N/PR5
	Logitec Corp.	LAN-W300N/P firmware
	Logitec Corp.	LAN-W300N/RS firmware
	Logitec Corp.	LAN-W451NGR
	Logitec Corp.	LAN-WH300AN/DGP
	Logitec Corp.	LAN-WH300ANDGPE
	Logitec Corp.	LAN-WH300N/DGP firmware
	Logitec Corp.	LAN-WH300N/DR
	Logitec Corp.	LAN-WH300N/RE
	Logitec Corp.	LAN-WH450N/GP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
  "dc:date": "2024-08-29T09:39+09:00",
  "dcterms:issued": "2023-08-15T11:54+09:00",
  "dcterms:modified": "2024-08-29T09:39+09:00",
  "description": "Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n  * Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445\r\n  * Telnet service access restriction failure (CWE-284) - CVE-2023-38132\r\n  * Hidden Functionality (CWE-912) - CVE-2023-38576\r\n  * Buffer overflow (CWE-120) - CVE-2023-39454\r\n  * OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072\r\n  * OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069\r\n\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002797.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:elecom:wab-i1750-ps",
      "@product": "WAB-I1750-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:elecom:wab-s1167-ps",
      "@product": "WAB-S1167-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-m1775-ps_firmware",
      "@product": "WAB-M1775-PS firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-m2133_firmware",
      "@product": "WAB-M2133 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s1167_firmware",
      "@product": "WAB-S1167 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s1775_firmware",
      "@product": "WAB-S1775 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s300_firmware",
      "@product": "WAB-S300",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wab-s600-ps_firmware",
      "@product": "WAB-S600-PS",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1167ghbk2_firmware",
      "@product": "WRC-1167GHBK2 firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
      "@product": "WRC-1467GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1467ghbk-s_firmware",
      "@product": "WRC-1467GHBK-S",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk-e_firmware",
      "@product": "WRC-1750GHBK-E firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk2-i_firmware",
      "@product": "WRC-1750GHBK2-I firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1750ghbk_firmware",
      "@product": "WRC-1750GHBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1900ghbk-a_firmware",
      "@product": "WRC-1900GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1900ghbk-s_firmware",
      "@product": "WRC-1900GHBK-S",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-600ghbk-a_firmware",
      "@product": "WRC-600GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-733febk2-a_firmware",
      "@product": "WRC-733FEBK2-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f1167acf2_firmware",
      "@product": "WRC-F1167ACF2",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f1167acf_firmware",
      "@product": "WRC-F1167ACF firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gs-b_firmware",
      "@product": "WRC-X1800GS-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsa-b_firmware",
      "@product": "WRC-X1800GSA-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-x1800gsh-b_firmware",
      "@product": "WRC-X1800GSH-B",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fdr_firmware",
      "@product": "LAN-W300N/DR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fpr5_firmware",
      "@product": "LAN-W300N/PR5",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2fp_firmware",
      "@product": "LAN-W300N/P firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware",
      "@product": "LAN-W300N/RS firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-w451ngr_firmware",
      "@product": "LAN-W451NGR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300an%2fdgp_firmware",
      "@product": "LAN-WH300AN/DGP",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300andgpe_firmware",
      "@product": "LAN-WH300ANDGPE",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fdgp_firmware",
      "@product": "LAN-WH300N/DGP firmware",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fdr_firmware",
      "@product": "LAN-WH300N/DR",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh300n%2fre_firmware",
      "@product": "LAN-WH300N/RE",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:logitec:lan-wh450n%2fgp_firmware",
      "@product": "LAN-WH450N/GP",
      "@vendor": "Logitec Corp.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-002797",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU91630351/index.html",
      "@id": "JVNVU#91630351",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-32626",
      "@id": "CVE-2023-32626",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-35991",
      "@id": "CVE-2023-35991",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38132",
      "@id": "CVE-2023-38132",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-38576",
      "@id": "CVE-2023-38576",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39445",
      "@id": "CVE-2023-39445",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39454",
      "@id": "CVE-2023-39454",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39455",
      "@id": "CVE-2023-39455",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-39944",
      "@id": "CVE-2023-39944",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40069",
      "@id": "CVE-2023-40069",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-40072",
      "@id": "CVE-2023-40072",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-32626",
      "@id": "CVE-2023-32626",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-35991",
      "@id": "CVE-2023-35991",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38132",
      "@id": "CVE-2023-38132",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-38576",
      "@id": "CVE-2023-38576",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39445",
      "@id": "CVE-2023-39445",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39454",
      "@id": "CVE-2023-39454",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39455",
      "@id": "CVE-2023-39455",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39944",
      "@id": "CVE-2023-39944",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40069",
      "@id": "CVE-2023-40069",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-40072",
      "@id": "CVE-2023-40072",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/912.html",
      "@id": "CWE-912",
      "@title": "Hidden Functionality(CWE-912)"
    }
  ],
  "title": "Multiple vulnerabilities in ELECOM and LOGITEC network devices"
}

Action not permitted

cve-2023-39445

Vulnerability from cvelistv5

var-202308-2599

Vulnerability from variot

ghsa-wx57-58h7-39h9

Vulnerability from github

gsd-2023-39445

Vulnerability from gsd

cve-2023-39445

Vulnerability from jvndb

Tags