JVNVU#91630351
Multiple vulnerabilities in ELECOM and LOGITEC network devices

Overview

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities.

Products Affected

CVE-2023-32626

• LAN-W300N/RS all versions
• LAN-W300N/PR5 all versions

• LAN-W300N/DR all versions
• LAN-WH300N/DR all versions
• LAN-W300N/P all versions
• LAN-WH450N/GP all versions
• LAN-WH300AN/DGP all versions
• LAN-WH300N/DGP all versions
• LAN-WH300ANDGPE all versions

• LAN-W451NGR all versions

• LAN-WH300N/RE all versions

• WRC-X1800GS-B v1.13 and earlier
• WRC-X1800GSA-B v1.13 and earlier
• WRC-X1800GSH-B v1.13 and earlier

• WRC-600GHBK-A all versions
• WRC-1467GHBK-A all versions
• WRC-1900GHBK-A all versions
• WRC-733FEBK2-A all versions
• WRC-F1167ACF2 all versions
• WRC-1467GHBK-S all versions
• WRC-1900GHBK-S all versions

• WRC-F1167ACF all versions
• WRC-1750GHBK all versions

• WRC-F1167ACF all versions
• WRC-1750GHBK all versions
• WRC-1167GHBK2 all versions
• WRC-1750GHBK2-I all versions
• WRC-1750GHBK-E all versions

• WAB-S600-PS all versions
• WAB-S300 all versions
• WAB-M1775-PS v1.1.21 and earlier
• WAB-S1775 v1.1.9 and earlier
• WAB-S1167 v1.0.7 and earlier
• WAB-M2133 v1.3.22 and earlier

Description

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.

• Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Base Score: 8.8
  CVSS v2	AV:A/AC:L/Au:N/C:P/I:P/A:P	Base Score: 5.8

• Telnet service access restriction failure (CWE-284) - CVE-2023-38132

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Base Score: 8.8
  CVSS v2	AV:A/AC:L/Au:N/C:P/I:P/A:P	Base Score: 5.8

• Hidden Functionality (CWE-912) - CVE-2023-38576

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	Base Score: 6.8
  CVSS v2	AV:A/AC:L/Au:S/C:P/I:P/A:P	Base Score: 5.2

• Buffer overflow (CWE-120) - CVE-2023-39454

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Base Score: 8.8
  CVSS v2	AV:A/AC:L/Au:N/C:C/I:C/A:C	Base Score: 8.3

• OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	Base Score: 6.8
  CVSS v2	AV:A/AC:L/Au:S/C:P/I:P/A:P	Base Score: 5.2

• OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Base Score: 8.8
  CVSS v2	AV:A/AC:L/Au:N/C:P/I:P/A:P	Base Score: 5.8

Impact

• An unauthenticated attacker may log in to the product's certain management console and execute arbitrary OS commands - CVE-2023-32626, CVE-2023-35991
• An unauthenticated attacker may log in to telnet service - CVE-2023-38132
• An authenticated user may execute arbitrary OS commands on a certain management console - CVE-2023-38576
• An unauthenticated attacker may execute arbitrary code by sending a specially crafted file to the product's certain management console - CVE-2023-39445
• An unauthenticated attacker may execute arbitrary code - CVE-2023-39454
• An authenticated user may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39455, CVE-2023-40072
• An attacker who can access the product may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39944, CVE-2023-40069

Solution

Update the firmware
For WRC-X1800GS-B, WRC-X1800GSA-B, WRC-X1800GSH-B, WAB-M1775-PS, WAB-S1775, WAB-S1167, and WAB-M2133, update the firmware to the latest version according to the information provided by the developer.

Apply the workaround
For WAB-S600-PS and WAB-S300, applying the following workarounds may mitigate the impact of CVE-2023-40072 issue.

• Change the setting page's login password
• Do not access other websites while logged in to the setting page
• Close the web browser after finishing operations on the setting page
• Delete the password for the setting page saved in the web browser