CVE-2023-39944 - Vulnerability Details - OpenCVE

ReportizFlow

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Elecom	Wrc-1750ghbk Wrc-1750ghbk Firmware Wrc-f1167acf Wrc-f1167acf Firmware Wrc 1750ghbk Wrc F1167acf

Configuration 1 [-]

AND

cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU91630351/
https://www.elecom.co.jp/news/security/20230810-01/

History

Tue, 08 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Elecom wrc 1750ghbk Elecom wrc F1167acf
CPEs		cpe:2.3:a:elecom:wrc_1750ghbk:::::::: cpe:2.3:a:elecom:wrc_f1167acf::::::::
Vendors & Products		Elecom wrc 1750ghbk Elecom wrc F1167acf
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-08-18T09:43:35.233Z

Updated: 2024-10-08T14:37:06.331Z

Reserved: 2023-08-09T11:54:55.787Z

Link: CVE-2023-39944

Vulnrichment

Updated: 2024-08-02T18:18:10.175Z

NVD

Status : Modified

Published: 2023-08-18T10:15:12.403

Modified: 2024-11-21T08:16:05.017

Link: CVE-2023-39944

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39944", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-08-09T11:54:55.787Z", "datePublished": "2023-08-18T09:43:35.233Z", "dateUpdated": "2024-10-08T14:37:06.331Z"}, "containers": {"cna": {"affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-F1167ACF", "versions": [{"version": "all versions", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-1750GHBK", "versions": [{"version": "all versions", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request."}], "problemTypes": [{"descriptions": [{"description": "OS command injection", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20230810-01/"}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-18T09:43:35.233Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.175Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.elecom.co.jp/news/security/20230810-01/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "elecom", "product": "wrc_f1167acf", "cpes": ["cpe:2.3:a:elecom:wrc_f1167acf:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc_1750ghbk", "cpes": ["cpe:2.3:a:elecom:wrc_1750ghbk:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T14:33:00.530335Z", "id": "CVE-2023-39944", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:37:06.331Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.elecom.co.jp/news/security/20230810-01/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.175Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39944", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T14:33:00.530335Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elecom:wrc_f1167acf:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc_f1167acf", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:elecom:wrc_1750ghbk:*:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc_1750ghbk", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:36:59.097Z"}}], "cna": {"affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-F1167ACF", "versions": [{"status": "affected", "version": "all versions"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-1750GHBK", "versions": [{"status": "affected", "version": "all versions"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20230810-01/"}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/"}], "descriptions": [{"lang": "en", "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "OS command injection"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-18T09:43:35.233Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39944", "state": "PUBLISHED", "dateUpdated": "2024-10-08T14:37:06.331Z", "dateReserved": "2023-08-09T11:54:55.787Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-08-18T09:43:35.233Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-f1167acf_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0233A6C1-4F74-4347-B204-899F0504E713", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-f1167acf:-:*:*:*:*:*:*:*", "matchCriteriaId": "C244EA13-D45C-4968-A330-3AD80F588537", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-1750ghbk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E00CABDD-B213-4DAA-9FC4-D907AC465134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-1750ghbk:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D1F1675-60C1-4150-8306-1592F88D3DAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request."}, {"lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en WRC-F1167ACF todas las versiones y WRC-1750GHBK todas las versiones permite a un atacante que pueda acceder al producto ejecutar un comando arbitrario del sistema operativo enviando una solicitud especialmente dise\u00f1ada.\n"}], "id": "CVE-2023-39944", "lastModified": "2024-11-21T08:16:05.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-08-18T10:15:12.403", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU91630351/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20230810-01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU91630351/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20230810-01/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "[email protected]", "type": "Primary"}]}