CVE-2023-35991
First published: Fri Aug 18 2023(Updated: )
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elecom Lan-wh300andgpe Firmware | ||
| Elecom Lan-wh300andgpe | ||
| Elecom Lan-wh300n\/dgp Firmware | ||
| Elecom Lan-wh300n\/dgp | ||
| Elecom Lan-wh300an\/dgp Firmware | ||
| Elecom Lan-wh300an\/dgp | ||
| Elecom Lan-wh450n\/gp Firmware | ||
| Elecom Lan-wh450n\/gp | ||
| Elecom Lan-w300n\/p Firmware | ||
| Elecom Lan-w300n\/p | ||
| Elecom Lan-wh300n\/dr Firmware | ||
| Elecom Lan-wh300n\/dr | ||
| Elecom Lan-w300n\/dr Firmware | ||
| Elecom Lan-w300n\/dr | ||
| All of | ||
| Elecom Lan-wh300andgpe | ||
| Elecom Lan-wh300andgpe Firmware | ||
| All of | ||
| Elecom Lan-wh300n\/dgp | ||
| Elecom Lan-wh300n\/dgp Firmware | ||
| All of | ||
| Elecom Lan-wh300an\/dgp | ||
| Elecom Lan-wh300an\/dgp Firmware | ||
| All of | ||
| Elecom Lan-wh450n\/gp | ||
| Elecom Lan-wh450n\/gp Firmware | ||
| All of | ||
| Elecom Lan-w300n\/p | ||
| Elecom Lan-w300n\/p Firmware | ||
| All of | ||
| Elecom Lan-wh300n\/dr | ||
| Elecom Lan-wh300n\/dr Firmware | ||
| All of | ||
| Elecom Lan-w300n\/dr | ||
| Elecom Lan-w300n\/dr Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability CVE-2023-35991?
The vulnerability CVE-2023-35991 is a hidden functionality vulnerability in LOGITEC wireless LAN routers that allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands.
Which products and versions are affected by the vulnerability CVE-2023-35991?
The affected products and versions are Elecom LAN-W300N/DR (all versions), LAN-WH300N/DR (all versions), LAN-WH300ANDGPE firmware, LAN-WH300N/DGP firmware, LAN-WH300AN/DGP firmware, LAN-WH450N/GP firmware, LAN-W300N/P firmware, LAN-WH300N/DR firmware, and LAN-W300N/DR firmware.
What is the severity of CVE-2023-35991?
The severity of CVE-2023-35991 is critical with a severity value of 9.8.
How can an attacker exploit the vulnerability CVE-2023-35991?
An attacker can exploit the vulnerability CVE-2023-35991 by logging in to the product's certain management console and executing arbitrary OS commands.
Is there a fix available for the vulnerability CVE-2023-35991?
Yes, Elecom has released firmware updates to address the vulnerability CVE-2023-35991. It is recommended to update to the latest firmware version to mitigate this issue.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/elecom
- canonical/elecom lan-wh300andgpe firmware
- canonical/elecom lan-wh300andgpe
- canonical/elecom lan-wh300n\/dgp firmware
- canonical/elecom lan-wh300n\/dgp
- canonical/elecom lan-wh300an\/dgp firmware
- canonical/elecom lan-wh300an\/dgp
- canonical/elecom lan-wh450n\/gp firmware
- canonical/elecom lan-wh450n\/gp
- canonical/elecom lan-w300n\/p firmware
- canonical/elecom lan-w300n\/p
- canonical/elecom lan-wh300n\/dr firmware
- canonical/elecom lan-wh300n\/dr
- canonical/elecom lan-w300n\/dr firmware
- canonical/elecom lan-w300n\/dr