First published: Thu Jul 13 2023
An OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privileges by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
ELECOM WRC-1167GHBK-S Firmware | <=1.03 | |
ELECOM WRC-1167GHBK-S | | |
ELECOM WRC-1167GEBK-S Firmware | <=1.03 | |
ELECOM WRC-1167GEBK-S | | |
ELECOM WRC-1167FEBK-S Firmware | <=1.04 | |
ELECOM WRC-1167FEBK-S | | |
ELECOM WRC-1167GHBK3-A Firmware | <=1.24 | |
ELECOM WRC-1167GHBK3-A | | |
ELECOM WRC-1167FEBK-A Firmware | <=1.18 | |
ELECOM WRC-1167FEBK-A | | |
The vulnerability ID for this OS command injection vulnerability in ELECOM wireless LAN routers is CVE-2023-37564.
CVE-2023-37564 has a severity level of high.
This vulnerability allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privilege by sending a specially crafted request.
The ELECOM wireless LAN routers affected by this vulnerability are WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S up to v1.04, WRC-1167GHBK3-A up to v1.24, and WRC-1167FEBK-A up to v1.18.
To fix this vulnerability, you should update your ELECOM wireless LAN router firmware to the latest version provided by the manufacturer.