CVE-2023-35991
moderate-risk
Published 2023-08-18
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
Do I need to act?
-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (7)
Lan-Wh300Andgpe Firmware
Lan-Wh300N\/Dgp Firmware
Lan-Wh300An\/Dgp Firmware
Lan-Wh450N\/Gp Firmware
Lan-W300N\/P Firmware
Lan-Wh300N\/Dr Firmware
Lan-W300N\/Dr Firmware
Affected Vendors
References (4)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU91630351/
Vendor Advisory
https://www.elecom.co.jp/news/security/20230810-01/
Third Party Advisory
https://jvn.jp/en/vu/JVNVU91630351/
Vendor Advisory
https://www.elecom.co.jp/news/security/20230810-01/
47
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
14/34 · Moderate