jvndb-2023-000071
Vulnerability from jvndb
Published
2023-07-11 15:37
Modified
2024-03-29 15:28
Severity
Summary
Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
Details
Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2023-37560
* Open Redirect (CWE-601) - CVE-2023-37561
* Cross-Site Request Forgery (CWE-352) - CVE-2023-37562
* Information disclosure (CWE-200) - CVE-2023-37563
* OS Command Injection (CWE-78) - CVE-2023-37564
* Code Injection (CWE-94) - CVE-2023-37565
CVE-2023-37560
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37561, CVE-2023-37562
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37563
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.
CVE-2023-37564
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2023-37565
MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html", "dc:date": "2024-03-29T15:28+09:00", "dcterms:issued": "2023-07-11T15:37+09:00", "dcterms:modified": "2024-03-29T15:28+09:00", "description": "Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\n * Cross-site Scripting (CWE-79) - CVE-2023-37560\r\n * Open Redirect (CWE-601) - CVE-2023-37561\r\n * Cross-Site Request Forgery (CWE-352) - CVE-2023-37562\r\n * Information disclosure (CWE-200) - CVE-2023-37563\r\n * OS Command Injection (CWE-78) - CVE-2023-37564\r\n * Code Injection (CWE-94) - CVE-2023-37565\r\n\r\nCVE-2023-37560\r\nYamaguchi Kakeru reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37561, CVE-2023-37562\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37563\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-37564\r\nShu Yoshikoshi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2023-37565\r\nMASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000071.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:wrc-1167febk-a_firmware", "@product": "WRC-1167FEBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167febk-s", "@product": "WRC-1167FEBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167gebk-s_firmware", "@product": "WRC-1167GEBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167ghbk-s_firmware", "@product": "WRC-1167GHBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167ghbk3-a_firmware", "@product": "WRC-1167GHBK3-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh-h_firmware", "@product": "WRH-300WH-H firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wtc-300hwh", "@product": "WTC-300HWH", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wtc-c1167gc-b", "@product": "WTC-C1167GC-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wtc-c1167gc-w", "@product": "WTC-C1167GC-W", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "7.7", "@severity": "High", "@type": "Base", "@vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "@version": "2.0" }, { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2023-000071", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN05223215/index.html", "@id": "JVN#05223215", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37560", "@id": "CVE-2023-37560", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37561", "@id": "CVE-2023-37561", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37562", "@id": "CVE-2023-37562", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37563", "@id": "CVE-2023-37563", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37564", "@id": "CVE-2023-37564", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-37565", "@id": "CVE-2023-37565", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37560", "@id": "CVE-2023-37560", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37561", "@id": "CVE-2023-37561", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37562", "@id": "CVE-2023-37562", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37563", "@id": "CVE-2023-37563", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37564", "@id": "CVE-2023-37564", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-37565", "@id": "CVE-2023-37565", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-200", "@title": "Information Exposure(CWE-200)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-94", "@title": "Code Injection(CWE-94)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters" }
Loading...