JVNVU#91630351
Multiple vulnerabilities in ELECOM and LOGITEC network devices
Overview
Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities.
Products Affected
CVE-2023-32626
- LAN-W300N/RS all versions
- LAN-W300N/PR5 all versions
- LAN-W300N/DR all versions
- LAN-WH300N/DR all versions
- LAN-W300N/P all versions
- LAN-WH450N/GP all versions
- LAN-WH300AN/DGP all versions
- LAN-WH300N/DGP all versions
- LAN-WH300ANDGPE all versions
- LAN-W451NGR all versions
- LAN-WH300N/RE all versions
- WRC-X1800GS-B v1.13 and earlier
- WRC-X1800GSA-B v1.13 and earlier
- WRC-X1800GSH-B v1.13 and earlier
- WRC-600GHBK-A all versions
- WRC-1467GHBK-A all versions
- WRC-1900GHBK-A all versions
- WRC-733FEBK2-A all versions
- WRC-F1167ACF2 all versions
- WRC-1467GHBK-S all versions
- WRC-1900GHBK-S all versions
- WRC-F1167ACF all versions
- WRC-1750GHBK all versions
- WRC-F1167ACF all versions
- WRC-1750GHBK all versions
- WRC-1167GHBK2 all versions
- WRC-1750GHBK2-I all versions
- WRC-1750GHBK-E all versions
- WAB-S600-PS all versions
- WAB-S300 all versions
- WAB-S1775 v1.1.9 and earlier
- WAB-M1775-PS v1.1.21 and earlier
- WAB-S1167 v1.0.7 and earlier
- WAB-M2133 v1.3.22 and earlier
- WAB-I1750-PS v1.5.10 and earlier
- WAB-S1167-PS v1.5.6 and earlier
Description
Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
- Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445
  - CVSS v3: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score 8.8
  - CVSS v2: AV:A/AC:L/Au:N/C:P/I:P/A:P, Base Score 5.8
- Telnet service access restriction failure (CWE-284) - CVE-2023-38132
  - CVSS v3: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score 8.8
  - CVSS v2: AV:A/AC:L/Au:N/C:P/I:P/A:P, Base Score 5.8
- Hidden Functionality (CWE-912) - CVE-2023-38576
  - CVSS v3: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, Base Score 6.8
  - CVSS v2: AV:A/AC:L/Au:S/C:P/I:P/A:P, Base Score 5.2
- Buffer overflow (CWE-120) - CVE-2023-39454
  - CVSS v3: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score 8.8
  - CVSS v2: AV:A/AC:L/Au:N/C:C/I:C/A:C, Base Score 8.3
- OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072
  - CVSS v3: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, Base Score 6.8
  - CVSS v2: AV:A/AC:L/Au:S/C:P/I:P/A:P, Base Score 5.2
- OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069
  - CVSS v3: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, Base Score 8.8
  - CVSS v2: AV:A/AC:L/Au:N/C:P/I:P/A:P, Base Score 5.8
Impact
- An unauthenticated attacker may log in to a certain management console of the product and execute arbitrary OS commands - CVE-2023-32626, CVE-2023-35991
- An unauthenticated attacker may log in to telnet service - CVE-2023-38132
- An authenticated user may execute arbitrary OS commands on a certain management console - CVE-2023-38576
- An unauthenticated attacker may execute arbitrary code by sending a specially crafted file to a certain management console of the product - CVE-2023-39445
- An unauthenticated attacker may execute arbitrary code - CVE-2023-39454
- An authenticated user may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39455, CVE-2023-40072
- An attacker who can access the product may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39944, CVE-2023-40069
Solution
Update the firmware
For WRC-X1800GS-B, WRC-X1800GSA-B, WRC-X1800GSH-B, WAB-M1775-PS, WAB-S1775, WAB-S1167, WAB-M2133, WAB-I1750-PS, and WAB-S1167-PS, update the firmware to the latest version according to the information provided by the developer.
Apply the workaround
For WAB-S600-PS and WAB-S300, applying the following workarounds may mitigate the impact of the CVE-2023-40072 issue.
- Change the setting page's login password
- Do not access other websites while logged in to the setting page
- Close the web browser after finishing operations on the setting page
- Delete the password for the setting page saved in the web browser
According to the developer, the rest of the affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.
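For asset-inventory triage, the following script (an added example, not part of the JVN advisory or the vendor's own tooling) encodes the Products Affected list and the Solution section above: it classifies a device by model and firmware version as needing a firmware update, being end-of-support, already patched, or not listed here. The model names and version thresholds are copied from this advisory; the sample inventory at the bottom is constructed.

```python
"""Triage helper for JVNVU#91630351 (added example, not advisory code)."""
import re

# Models with a fixed firmware: vulnerable at the listed version and earlier.
# Thresholds copied from the advisory's Products Affected list.
FIXED_AFTER = {
    "WRC-X1800GS-B": "1.13", "WRC-X1800GSA-B": "1.13", "WRC-X1800GSH-B": "1.13",
    "WAB-S1775": "1.1.9", "WAB-M1775-PS": "1.1.21", "WAB-S1167": "1.0.7",
    "WAB-M2133": "1.3.22", "WAB-I1750-PS": "1.5.10", "WAB-S1167-PS": "1.5.6",
}
# Models affected in all versions; per the Solution section the developer no
# longer supports them (WAB-S600-PS and WAB-S300 additionally have a
# workaround for CVE-2023-40072, but remain unsupported).
END_OF_SUPPORT = {
    "LAN-W300N/RS", "LAN-W300N/PR5", "LAN-W300N/DR", "LAN-WH300N/DR",
    "LAN-W300N/P", "LAN-WH450N/GP", "LAN-WH300AN/DGP", "LAN-WH300N/DGP",
    "LAN-WH300ANDGPE", "LAN-W451NGR", "LAN-WH300N/RE", "WRC-600GHBK-A",
    "WRC-1467GHBK-A", "WRC-1900GHBK-A", "WRC-733FEBK2-A", "WRC-F1167ACF2",
    "WRC-1467GHBK-S", "WRC-1900GHBK-S", "WRC-F1167ACF", "WRC-1750GHBK",
    "WRC-1167GHBK2", "WRC-1750GHBK2-I", "WRC-1750GHBK-E", "WAB-S600-PS",
    "WAB-S300",
}

def parse_version(text):
    """Turn 'v1.13' or '1.1.21' into a tuple of ints, so that 1.9 < 1.13
    compares numerically rather than as strings."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def triage(model, version):
    """Return 'update', 'end-of-support', 'patched' or 'not-listed'."""
    model = model.strip().upper()
    if model in END_OF_SUPPORT:
        return "end-of-support"   # advisory: stop using, switch to alternatives
    if model in FIXED_AFTER:
        if parse_version(version) <= parse_version(FIXED_AFTER[model]):
            return "update"       # advisory: update to the latest firmware
        return "patched"
    return "not-listed"

if __name__ == "__main__":
    # Constructed sample inventory (model, reported firmware version).
    inventory = [("WAB-M1775-PS", "v1.1.21"), ("WAB-M1775-PS", "v1.1.22"),
                 ("WRC-X1800GS-B", "v1.9"), ("WRC-1750GHBK", "v2.0")]
    for model, version in inventory:
        print(f"{model:16} {version:8} {triage(model, version)}")
```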
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
ELECOM CO.,LTD. | Vulnerable | 2024/08/20 | ELECOM CO.,LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE: CVE-2023-32626, CVE-2023-35991, CVE-2023-38132, CVE-2023-38576, CVE-2023-39445, CVE-2023-39454, CVE-2023-39455, CVE-2023-39944, CVE-2023-40069, CVE-2023-40072
Update History
- 2023/08/10
  - ELECOM CO.,LTD. update status
- 2023/11/14
  - ELECOM CO.,LTD. update status
  - Information under the sections [Products Affected] and [Solution] was updated
- 2024/01/23
  - ELECOM CO.,LTD. update status
  - Information under the sections [Products Affected] and [Solution] was updated
- 2024/02/20
  - ELECOM CO.,LTD. update status
  - Information under the sections [Products Affected] and [Solution] was updated
- 2024/08/27
  - ELECOM CO.,LTD. update status
  - Information under the sections [Products Affected] and [Solution] was updated