Vulnerability Description
OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elecom | Wrc-F1167Acf Firmware | All versions |
| Elecom | Wrc-F1167Acf | - |
| Elecom | Wrc-1750Ghbk Firmware | All versions |
| Elecom | Wrc-1750Ghbk | - |
| Elecom | Wrc-1167Ghbk2 Firmware | All versions |
| Elecom | Wrc-1167Ghbk2 | - |
| Elecom | Wrc-1750Ghbk2-I Firmware | All versions |
| Elecom | Wrc-1750Ghbk2-I | - |
| Elecom | Wrc-1750Ghbk-E Firmware | All versions |
| Elecom | Wrc-1750Ghbk-E | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU91630351/Third Party Advisory
- https://www.elecom.co.jp/news/security/20230810-01/Vendor Advisory
- https://jvn.jp/en/vu/JVNVU91630351/Third Party Advisory
- https://www.elecom.co.jp/news/security/20230810-01/Vendor Advisory
FAQ
What is CVE-2023-40069?
CVE-2023-40069 is a vulnerability with a CVSS score of 9.8 (CRITICAL). OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected prod...
How severe is CVE-2023-40069?
CVE-2023-40069 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-40069?
Check the references section above for vendor advisories and patch information. Affected products include: Elecom Wrc-F1167Acf Firmware, Elecom Wrc-F1167Acf, Elecom Wrc-1750Ghbk Firmware, Elecom Wrc-1750Ghbk, Elecom Wrc-1167Ghbk2 Firmware.