Details of VAR-202308-2592

ID

VAR-202308-2592

CVE

CVE-2023-39454

TITLE

Multiple vulnerabilities in ELECOM and Logitech network equipment

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797

DESCRIPTION

Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code. Network equipment provided by ELECOM Co., Ltd. and Logitech Co., Ltd. contains the following multiple vulnerabilities. * Unpublished features (CWE-912) - CVE-2023-32626 , CVE-2023-35991 , CVE-2023-39445 It was * Telnet Inadequate access restrictions to services (CWE-284) - CVE-2023-38132 It was * Unpublished features (CWE-912) - CVE-2023-38576 It was * buffer overflow (CWE-120) - CVE-2023-39454 It was * OS Command injection (CWE-78) - CVE-2023-39455 , CVE-2023-40072 It was * OS Command injection (CWE-78) - CVE-2023-39944 , CVE-2023-40069 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party with access to the product logs into a specific operation screen and performs arbitrary operations. OS Command is executed - CVE-2023-32626 , CVE-2023-35991 It was * by a third party who has access to the product; telnet logged into the service - CVE-2023-38132 It was * A third party who can log in to the product may perform arbitrary actions from a specific operation screen. OS Command is executed - CVE-2023-38576 It was * A third party with access to the product sends a specially crafted file to a specific operation screen and executes arbitrary code. - CVE-2023-39445 It was * Arbitrary code can be executed by a third party who has access to the product - CVE-2023-39454 It was * A third party who can log in to the product sends a specially crafted request and sends an arbitrary request. OS Command is executed - CVE-2023-39455 , CVE-2023-40072 It was * A third party with access to the product may send a specially crafted request to OS Command is executed - CVE-2023-39944 , CVE-2023-40069

Trust: 1.71

sources: NVD: CVE-2023-39454 // JVNDB: JVNDB-2023-002797 // VULMON: CVE-2023-39454

AFFECTED PRODUCTS

vendor:	elecom	model:	wrc-x1800gs-b	scope:	lte	version:	1.13	Trust: 1.0
vendor:	elecom	model:	wrc-x1800gsa-b	scope:	lte	version:	1.13	Trust: 1.0
vendor:	elecom	model:	wrc-x1800gsh-b	scope:	lte	version:	1.13	Trust: 1.0
vendor:	エレコム株式会社	model:	wrc-x1800gsh-b	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-f1167acf2	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-f1167acf	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-m1775-ps	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1750ghbk-e	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-x6000qsa-g	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1167ghbk2	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-600ghbk-a	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-w300n/dr	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-w451ngr	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-wh300n/dgp	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-s1775	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-s1167	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1750ghbk2-i	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-x6000qs-g	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1467ghbk-a	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-wh300n/re	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-s300	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-s600-ps	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-x1800gs-b	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1900ghbk-s	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-x1800gsa-b	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-m2133	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-733febk2-a	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-wh300andgpe	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-wh450n/gp	scope:	eq	version:	all s (cve-2023-35991)	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-wh300n/dr	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-w300n/rs	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1750ghbk	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1467ghbk-s	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-i1750-ps	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-wh300an/dgp	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wab-s1167-ps	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-w300n/pr5	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1900ghbk-a	scope:	-	version:	-	Trust: 0.8
vendor:	ロジテック株式会社	model:	lan-w300n/p	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-39454

CVSS

SEVERITY

CVSSV2

CVSSV3

vultures@jpcert.or.jp:	CVE-2023-39454
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2023-39454
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2023-002797
value:	HIGH
Trust: 0.8

vultures@jpcert.or.jp:	CVE-2023-39454
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2023-39454
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-002797
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-39454 // NVD: CVE-2023-39454

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Classic buffer overflow (CWE-120) [ others ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ others ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8
problemtype:	Unpublished features (CWE-912) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-39454

PATCH

title:

wireless LAN Request for firmware update to improve router/repeater security ELECOM CO., LTD.

url:

https://www.elecom.co.jp/news/security/

Trust: 0.8

sources: JVNDB: JVNDB-2023-002797

EXTERNAL IDS

db:	NVD	id:	CVE-2023-39454	Trust: 2.7
db:	JVN	id:	JVNVU91630351	Trust: 1.9
db:	JVNDB	id:	JVNDB-2023-002797	Trust: 0.8
db:	VULMON	id:	CVE-2023-39454	Trust: 0.1

sources: VULMON: CVE-2023-39454 // JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-39454

REFERENCES

url:	https://www.elecom.co.jp/news/security/20230711-01/	Trust: 1.1
url:	https://jvn.jp/en/vu/jvnvu91630351/	Trust: 1.1
url:	http://jvn.jp/vu/jvnvu91630351/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32626	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-35991	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-38132	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-38576	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39445	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39454	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39455	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39944	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-40069	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-40072	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-39454 // JVNDB: JVNDB-2023-002797 // NVD: CVE-2023-39454

SOURCES

db:	VULMON	id:	CVE-2023-39454
db:	JVNDB	id:	JVNDB-2023-002797
db:	NVD	id:	CVE-2023-39454

LAST UPDATE DATE

2025-02-18T23:17:15.011000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-39454	date:	2023-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2023-002797	date:	2025-02-13T06:04:00
db:	NVD	id:	CVE-2023-39454	date:	2025-02-17T06:15:11.097

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-39454	date:	2023-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2023-002797	date:	2023-08-15T00:00:00
db:	NVD	id:	CVE-2023-39454	date:	2023-08-18T10:15:12.280