Published: 2023/07/11  Last Updated: 2023/08/10

JVN#05223215
Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters

Overview

Multiple ELECOM wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities.

Products Affected

CVE-2023-37560
  • WRH-300WH-H v2.12 and earlier
  • WTC-300HWH v1.09 and earlier
CVE-2023-37561
  • WRH-300WH-H v2.12 and earlier
  • WTC-300HWH v1.09 and earlier
  • WTC-C1167GC-B v1.17 and earlier
  • WTC-C1167GC-W v1.17 and earlier
CVE-2023-37562
  • WTC-C1167GC-B v1.17 and earlier
  • WTC-C1167GC-W v1.17 and earlier
CVE-2023-37563
  • WRC-1167GHBK-S v1.03 and earlier
  • WRC-1167GEBK-S v1.03 and earlier
  • WRC-1167FEBK-S v1.04 and earlier
  • WRC-1167GHBK3-A v1.24 and earlier
  • WRC-1167FEBK-A v1.18 and earlier
  • WRC-F1167ACF2 all versions
  • WRC-600GHBK-A all versions
  • WRC-733FEBK2-A all versions
  • WRC-1467GHBK-A all versions
  • WRC-1467GHBK-S all versions
  • WRC-1900GHBK-A all versions
  • WRC-1900GHBK-S all versions
CVE-2023-37564, CVE-2023-37565
  • WRC-1167GHBK-S v1.03 and earlier
  • WRC-1167GEBK-S v1.03 and earlier
  • WRC-1167FEBK-S v1.04 and earlier
  • WRC-1167GHBK3-A v1.24 and earlier
  • WRC-1167FEBK-A v1.18 and earlier
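
To apply the list above to a device inventory, the following added example (not part of the advisory and not vendor tooling) maps a model and its installed firmware version to the CVEs in this advisory. The function names, the sample inventory and the numeric major.minor version comparison are assumptions.

```python
import re

# Last affected firmware per model ("Products Affected"); None = "all versions".
_A = {"WRH-300WH-H": "2.12", "WTC-300HWH": "1.09"}
_B = {"WTC-C1167GC-B": "1.17", "WTC-C1167GC-W": "1.17"}
_C = {"WRC-1167GHBK-S": "1.03", "WRC-1167GEBK-S": "1.03", "WRC-1167FEBK-S": "1.04",
      "WRC-1167GHBK3-A": "1.24", "WRC-1167FEBK-A": "1.18"}
_D = dict.fromkeys(["WRC-F1167ACF2", "WRC-600GHBK-A", "WRC-733FEBK2-A", "WRC-1467GHBK-A",
                    "WRC-1467GHBK-S", "WRC-1900GHBK-A", "WRC-1900GHBK-S"])
AFFECTED = {
    "CVE-2023-37560": _A, "CVE-2023-37561": {**_A, **_B}, "CVE-2023-37562": _B,
    "CVE-2023-37563": {**_C, **_D}, "CVE-2023-37564": _C, "CVE-2023-37565": _C,
}

def parse_version(text):
    """'v1.09' or '1.09' -> (1, 9). Assumes major.minor compared numerically."""
    m = re.fullmatch(r"\s*[vV]?(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def cves_for(model, firmware):
    """Sorted CVE ids for one device; 'all versions' models match any firmware string."""
    model = model.strip().upper()
    hits = []
    for cve, table in AFFECTED.items():
        if model not in table:
            continue
        last_bad = table[model]
        if last_bad is None or parse_version(firmware) <= parse_version(last_bad):
            hits.append(cve)
    return sorted(hits)

def audit(inventory):
    """inventory: (hostname, model, firmware) rows -> {hostname: [CVE ids]}."""
    report = {host: cves_for(model, fw) for host, model, fw in inventory}
    return {host: cves for host, cves in report.items() if cves}

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = [
    ("ap-lobby", "WTC-C1167GC-B", "v1.17"),    # at the last affected version
    ("ap-lab", "wtc-c1167gc-w", "1.18"),       # newer than the affected range
    ("rtr-branch", "WRC-1167FEBK-S", "v1.04"),
    ("rtr-old", "WRC-1900GHBK-S", "unknown"),  # "all versions" model
]

if __name__ == "__main__":
    for host, cves in audit(SAMPLE).items():
        print(f"{host}: {', '.join(cves)}")
```

A device reported here still needs the Solution section applied: update where the developer provides firmware, otherwise follow the developer's advisory.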

Description

Wireless LAN routers and wireless LAN repeaters provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Cross-site Scripting (CWE-79) - CVE-2023-37560
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Open Redirect (CWE-601) - CVE-2023-37561
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Base Score: 4.7
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Cross-Site Request Forgery (CWE-352) - CVE-2023-37562
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Information disclosure (CWE-200) - CVE-2023-37563
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:N/A:N Base Score: 3.3
  • OS Command Injection (CWE-78) - CVE-2023-37564
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:C/I:C/A:C Base Score: 7.7
  • Code Injection (CWE-94) - CVE-2023-37565
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2

Impact

  • An arbitrary script may be executed on a logged-in user's web browser - CVE-2023-37560
  • When accessing a specially crafted URL, the user of the website using the affected product may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack - CVE-2023-37561
  • If a user views a malicious page while logged in, unintended operations may be performed - CVE-2023-37562
  • A network-adjacent attacker who can access the affected product may obtain sensitive information - CVE-2023-37563
  • A network-adjacent authenticated attacker may execute an arbitrary OS command with root privilege by sending a specially crafted request - CVE-2023-37564
  • A network-adjacent authenticated attacker may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-37565

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Stop using the products
Some vulnerable products are no longer supported. For more information, refer to the security advisory from the developer and stop using the products.

Vendor Status

Vendor            Status       Last Update   Vendor Notes
ELECOM CO.,LTD.   Vulnerable   2023/08/10    ELECOM CO.,LTD. website

Credit

CVE-2023-37560
Yamaguchi Kakeru reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-37561, CVE-2023-37562
Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-37563
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC during the same period, and JPCERT/CC coordinated with the developer.

CVE-2023-37564
Shu Yoshikoshi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2023-37565
MASAHIRO IIDA and SHUTA IDE of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: CVE-2023-37560, CVE-2023-37561, CVE-2023-37562, CVE-2023-37563, CVE-2023-37564, CVE-2023-37565
JVN iPedia: JVNDB-2023-000071

Update History

2023/08/10
Information under the sections [Products Affected] and [Solution] was updated
2023/08/10
Status of ELECOM CO.,LTD. was updated