What is the severity of CVE-2023-49695?

CVE-2023-49695 is categorized as a high severity vulnerability due to its potential to allow arbitrary OS command execution.

How do I fix CVE-2023-49695?

To remediate CVE-2023-49695, upgrade the firmware of the affected Elecom devices to the latest version available.

What type of vulnerability is CVE-2023-49695?

CVE-2023-49695 is an OS command injection vulnerability that can be exploited by an attacker with administrative privileges.

Can I exploit CVE-2023-49695 remotely?

CVE-2023-49695 requires network adjacency for exploitation, meaning it can be exploited by an attacker on the same network as the device.

Vulnerability/
CVE-2023-49695

medium

6.8

CWE

78 77

12/12/2023

8/10/2024

CVE-2023-49695: OS Command Injection

Q: Which devices are affected by CVE-2023-49695?

CVE-2023-49695 affects Elecom WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier.

First published: Tue Dec 12 2023(Updated: )

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
All of
Elecom Wrc-x3000gsn Firmware
Elecom Wrc-x3000gsn Firmware	=1.0.2
All of
Elecom Wrc-x3000gs
Elecom Wrc-x3000gs	<=1.0.24
All of
Elecom Wrc-x3000gsa Firmware
Elecom Wrc-x3000gsa Firmware	<=1.0.24

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-49695?
CVE-2023-49695 is categorized as a high severity vulnerability due to its potential to allow arbitrary OS command execution.
How do I fix CVE-2023-49695?
To remediate CVE-2023-49695, upgrade the firmware of the affected Elecom devices to the latest version available.
Which devices are affected by CVE-2023-49695?
CVE-2023-49695 affects Elecom WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier.
What type of vulnerability is CVE-2023-49695?
CVE-2023-49695 is an OS command injection vulnerability that can be exploited by an attacker with administrative privileges.
Can I exploit CVE-2023-49695 remotely?
CVE-2023-49695 requires network adjacency for exploitation, meaning it can be exploited by an attacker on the same network as the device.

agent/references
agent/type
agent/event
agent/softwarecombine
agent/first-publish-date
agent/weakness
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/elecom
canonical/elecom wrc-x3000gsn firmware
version/elecom wrc-x3000gsn firmware/1.0.2
canonical/elecom wrc-x3000gs
version/elecom wrc-x3000gs/1.0.24
canonical/elecom wrc-x3000gsa firmware
version/elecom wrc-x3000gsa firmware/1.0.24

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.