CVE-2023-35991

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU91630351/	Third Party Advisory
https://www.elecom.co.jp/news/security/20230810-01/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-wh300andgpe:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:elecom:lan-wh300n\/dgp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-wh300n\/dgp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:elecom:lan-wh300an\/dgp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-wh300an\/dgp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:elecom:lan-wh450n\/gp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-wh450n\/gp:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:elecom:lan-w300n\/p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-w300n\/p:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:elecom:lan-wh300n\/dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-wh300n\/dr:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:elecom:lan-w300n\/dr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:elecom:lan-w300n\/dr:-:*:*:*:*:*:*:*

Information

Published : 2023-08-18 10:15

Updated : 2023-08-24 17:17

NVD link : CVE-2023-35991

Mitre link : CVE-2023-35991

JSON object : View

Products Affected

elecom

lan-wh300an\/dgp
lan-w300n\/p
lan-w300n\/dr
lan-wh450n\/gp_firmware
lan-wh450n\/gp
lan-wh300n\/dgp_firmware
lan-wh300n\/dr
lan-wh300andgpe_firmware
lan-wh300n\/dgp
lan-wh300an\/dgp_firmware
lan-w300n\/dr_firmware
lan-wh300n\/dr_firmware
lan-wh300andgpe
lan-w300n\/p_firmware

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://jvn.jp/en/vu/JVNVU91630351/", "name": "https://jvn.jp/en/vu/JVNVU91630351/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.elecom.co.jp/news/security/20230810-01/", "name": "https://www.elecom.co.jp/news/security/20230810-01/", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-35991", "ASSIGNER": "vultures@jpcert.or.jp"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-08-18T10:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300andgpe_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300andgpe:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/dgp_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/dgp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300an\\/dgp_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300an\\/dgp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-wh450n\\/gp_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-wh450n\\/gp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/p_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-wh300n\\/dr_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-wh300n\\/dr:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:elecom:lan-w300n\\/dr_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:elecom:lan-w300n\\/dr:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-24T17:17Z"}