cbcvebase.
CVE-2023-37566
published 2023-07-13

CVE-2023-37566: Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by…

PriorityP346high8CVSS 3.1
AVAACLPRLUINSUCHIHAH
EPSS
0.98%
57.8th percentile
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Affected

10 ranges
VendorProductVersion rangeFixed in
elecomwrc-1167febk-a_firmware<= 1.18
elecomwrc-1167ghbk3-a_firmware<= 1.24
elecom_co_ltdwrc-1167febk-a
elecom_co_ltdwrc-1167ghbk3-a
elecom_co_ltdwrc-1467ghbk-a
elecom_co_ltdwrc-1900ghbk-a
elecom_co_ltdwrc-600ghbk-a
elecom_co_ltdwrc-733febk2-a
elecom_co_ltdwrc-f1167acf2
logitec_corporationlan-w301nr
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.