CVE-2023-40069
moderate-risk
Published 2023-08-18
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.
Do I need to act?
-
0.93% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (5)
Wrc-F1167Acf Firmware
Wrc-1750Ghbk Firmware
Wrc-1167Ghbk2 Firmware
Wrc-1750Ghbk2-I Firmware
Wrc-1750Ghbk-E Firmware
Affected Vendors
References (4)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU91630351/
Vendor Advisory
https://www.elecom.co.jp/news/security/20230810-01/
Third Party Advisory
https://jvn.jp/en/vu/JVNVU91630351/
Vendor Advisory
https://www.elecom.co.jp/news/security/20230810-01/
47
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
3/34 · Minimal
Exposure
12/34 · Low