CVE-2023-37561
First published: Thu Jul 13 2023(Updated: )
Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elecom Wrh-300wh-h Firmware | <=2.12 | |
| Elecom Wrh-300wh-h | ||
| Elecom Wtc-300hwh Firmware | <=1.09 | |
| Elecom Wtc-300hwh | ||
| Elecom Wtc-c1167gc-b Firmware | <=1.17 | |
| Elecom Wtc-c1167gc-b | ||
| Elecom Wtc-c1167gc-w Firmware | <=1.17 | |
| Elecom Wtc-c1167gc-w |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this open redirect vulnerability?
The vulnerability ID of this open redirect vulnerability is CVE-2023-37561.
What is the severity of CVE-2023-37561?
CVE-2023-37561 has a severity rating of 6.1 (Medium).
What products are affected by CVE-2023-37561?
The following products are affected by CVE-2023-37561: Elecom WRH-300WH-H firmware version up to 2.12, Elecom WTC-300HWH firmware version up to 1.09, Elecom WTC-C1167GC-B firmware version up to 1.17, and Elecom WTC-C1167GC-W firmware version up to 1.17.
How does the open redirect vulnerability in ELECOM wireless LAN routers and repeaters work?
The open redirect vulnerability in ELECOM wireless LAN routers and repeaters allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks by manipulating a specially crafted URL.
Are the Elecom WRH-300WH-H, Elecom WTC-300HWH, Elecom WTC-C1167GC-B, and Elecom WTC-C1167GC-W devices vulnerable to CVE-2023-37561?
The Elecom WRH-300WH-H, Elecom WTC-300HWH, Elecom WTC-C1167GC-B, and Elecom WTC-C1167GC-W devices are vulnerable to CVE-2023-37561 if they are running firmware versions up to 2.12, 1.09, 1.17, and 1.17, respectively.
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elecom
- canonical/elecom wrh-300wh-h firmware
- version/elecom wrh-300wh-h firmware/2.12
- canonical/elecom wrh-300wh-h
- canonical/elecom wtc-300hwh firmware
- version/elecom wtc-300hwh firmware/1.09
- canonical/elecom wtc-300hwh
- canonical/elecom wtc-c1167gc-b firmware
- version/elecom wtc-c1167gc-b firmware/1.17
- canonical/elecom wtc-c1167gc-b
- canonical/elecom wtc-c1167gc-w firmware
- version/elecom wtc-c1167gc-w firmware/1.17
- canonical/elecom wtc-c1167gc-w