Vulnerability Description
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elecom | Lan-Wh300Andgpe Firmware | All versions |
| Elecom | Lan-Wh300Andgpe | - |
| Elecom | Lan-Wh300N\/Dgp Firmware | All versions |
| Elecom | Lan-Wh300N\/Dgp | - |
| Elecom | Lan-Wh300An\/Dgp Firmware | All versions |
| Elecom | Lan-Wh300An\/Dgp | - |
| Elecom | Lan-Wh450N\/Gp Firmware | All versions |
| Elecom | Lan-Wh450N\/Gp | - |
| Elecom | Lan-W300N\/P Firmware | All versions |
| Elecom | Lan-W300N\/P | - |
| Elecom | Lan-Wh300N\/Dr Firmware | All versions |
| Elecom | Lan-Wh300N\/Dr | - |
| Elecom | Lan-W300N\/Dr Firmware | All versions |
| Elecom | Lan-W300N\/Dr | - |
References
- https://jvn.jp/en/vu/JVNVU91630351/Third Party Advisory
- https://www.elecom.co.jp/news/security/20230810-01/Vendor Advisory
- https://jvn.jp/en/vu/JVNVU91630351/Third Party Advisory
- https://www.elecom.co.jp/news/security/20230810-01/Vendor Advisory
FAQ
What is CVE-2023-35991?
CVE-2023-35991 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected ...
How severe is CVE-2023-35991?
CVE-2023-35991 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35991?
Check the references section above for vendor advisories and patch information. Affected products include: Elecom Lan-Wh300Andgpe Firmware, Elecom Lan-Wh300Andgpe, Elecom Lan-Wh300N\/Dgp Firmware, Elecom Lan-Wh300N\/Dgp, Elecom Lan-Wh300An\/Dgp Firmware.