cbcvebase.
CVE-2023-37567
published 2023-07-13

CVE-2023-37567: Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending…

PriorityP271critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.76%
75.2th percentile
Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Affected

8 ranges
VendorProductVersion rangeFixed in
elecomwrc-1167ghbk3-a_firmware<= 1.24
elecom_co_ltdwrc-1167ghbk3-a
elecom_co_ltdwrc-1467ghbk-a
elecom_co_ltdwrc-1900ghbk-a
elecom_co_ltdwrc-600ghbk-a
elecom_co_ltdwrc-733febk2-a
elecom_co_ltdwrc-f1167acf2
logitec_corporationlan-w301nr
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.