CVE-2023-43757

moderate-risk

Published 2023-11-16

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (20)

Wrc-2533Ghbk2-T Firmware

Wrc-2533Ghbk-I Firmware

Wrc-1750Ghbk2-I Firmware

Wrc-1750Ghbk-E Firmware

Wrc-1750Ghbk Firmware

Wrc-1167Ghbk2 Firmware

Wrc-1167Ghbk Firmware

Wrc-F1167Acf Firmware

Wrc-733Ghbk Firmware

Wrc-733Ghbk-I Firmware

Wrc-733Ghbk-C Firmware

Wrc-300Ghbk2-I Firmware

Wrc-300Ghbk Firmware

Wrc-733Febk Firmware

Wrc-300Febk Firmware

Wrc-F300Nf Firmware

Wrh-300Wh-H Firmware

Wrh-300Bk Firmware

Wrh-300Wh Firmware

Wrh-300Rd Firmware

Affected Vendors

Elecom

References (8)

Third Party Advisory https://jvn.jp/en/vu/JVNVU94119876/

Third Party Advisory https://www.elecom.co.jp/news/security/20210706-01/

Third Party Advisory https://www.elecom.co.jp/news/security/20230810-01/

Third Party Advisory https://www.elecom.co.jp/news/security/20231114-01/

Third Party Advisory https://jvn.jp/en/vu/JVNVU94119876/

Third Party Advisory https://www.elecom.co.jp/news/security/20210706-01/

Third Party Advisory https://www.elecom.co.jp/news/security/20230810-01/

Third Party Advisory https://www.elecom.co.jp/news/security/20231114-01/

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 23/34 · High