Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-40072: Multiple vulnerabilities in ELECOM and LOGITEC network devices

OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

CVE
Open in Source
#vulnerability#web#git#buffer_overflow#auth#telnet

Published:2023/08/10 Last Updated:2023/08/10

Overview

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities.

Products Affected

CVE-2023-32626

  • LAN-W300N/RS all versions
  • LAN-W300N/PR5 all versions

CVE-2023-35991

  • LAN-W300N/DR all versions
  • LAN-WH300N/DR all versions
  • LAN-W300N/P all versions
  • LAN-WH450N/GP all versions
  • LAN-WH300AN/DGP all versions
  • LAN-WH300N/DGP all versions
  • LAN-WH300ANDGPE all versions

CVE-2023-38132

  • LAN-W451NGR all versions

CVE-2023-38576、CVE-2023-39445

  • LAN-WH300N/RE all versions

CVE-2023-39454

  • WRC-X1800GS-B v1.13 and earlier
  • WRC-X1800GSA-B v1.13 and earlier
  • WRC-X1800GSH-B v1.13 and earlier

CVE-2023-39455

  • WRC-600GHBK-A all versions
  • WRC-1467GHBK-A all versions
  • WRC-1900GHBK-A all versions
  • WRC-733FEBK2-A all versions
  • WRC-F1167ACF2 all versions
  • WRC-1467GHBK-S all versions
  • WRC-1900GHBK-S all versions

CVE-2023-39944

  • WRC-F1167ACF all versions
  • WRC-1750GHBK all versions

CVE-2023-40069

  • WRC-F1167ACF all versions
  • WRC-1750GHBK all versions
  • WRC-1167GHBK2 all versions
  • WRC-1750GHBK2-I all versions
  • WRC-1750GHBK-E all versions

CVE-2023-40072

  • WAB-S600-PS all versions
  • WAB-S300 all versions

Description

Multiple network devices provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.

  • Hidden Functionality (CWE-912) - CVE-2023-32626, CVE-2023-35991, CVE-2023-39445

    CVSS v3

    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Base Score: 8.8

    CVSS v2

    AV:A/AC:L/Au:N/C:P/I:P/A:P

    Base Score: 5.8

  • Telnet service access restriction failure (CWE-284) - CVE-2023-38132

    CVSS v3

    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Base Score: 8.8

    CVSS v2

    AV:A/AC:L/Au:N/C:P/I:P/A:P

    Base Score: 5.8

  • Hidden Functionality (CWE-912) - CVE-2023-38576

    CVSS v3

    CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Base Score: 6.8

    CVSS v2

    AV:A/AC:L/Au:S/C:P/I:P/A:P

    Base Score: 5.2

  • Buffer overflow (CWE-120) - CVE-2023-39454

    CVSS v3

    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Base Score: 8.8

    CVSS v2

    AV:A/AC:L/Au:N/C:C/I:C/A:C

    Base Score: 8.3

  • OS Command Injection (CWE-78) - CVE-2023-39455, CVE-2023-40072

    CVSS v3

    CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    Base Score: 6.8

    CVSS v2

    AV:A/AC:L/Au:S/C:P/I:P/A:P

    Base Score: 5.2

  • OS Command Injection (CWE-78) - CVE-2023-39944, CVE-2023-40069

    CVSS v3

    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Base Score: 8.8

    CVSS v2

    AV:A/AC:L/Au:N/C:P/I:P/A:P

    Base Score: 5.8

Impact

  • An unauthenticated attacker may log in to the product’s certain management console and execute arbitrary OS commands - CVE-2023-32626, CVE-2023-35991
  • An unauthenticated attacker may log in to telnet service - CVE-2023-38132
  • An authenticated user may execute arbitrary OS commands on a certain management console - CVE-2023-38576
  • An unauthenticated attacker may execute arbitrary code by sending a specially crafted file to the product’s certain management console - CVE-2023-39445
  • An unauthenticated attacker may execute arbitrary code - CVE-2023-39454
  • An authenticated user may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39455, CVE-2023-40072
  • An attacker who can access the product may execute an arbitrary OS command by sending a specially crafted request - CVE-2023-39944, CVE-2023-40069

Solution

Update the firmware
For WRC-X1800GS-B, WRC-X1800GSA-B, and WRC-X1800GSH-B, update the firmware to the latest version according to the information provided by the developer.

Apply the workaround
For WAB-S600-PS and WAB-S300, applying the following workarounds may mitigate the impact of CVE-2023-40072 issue.

  • Change the setting page’s login password
  • Do not access other websites while logged in to the setting page
  • Close the web browser after finishing operations on the setting page
  • Delete the password for the setting page saved in the web browser

Stop using the products
According to the developer, the rest of the affected products are no longer supported. Stop using the vulnerable products and consider switching to alternatives.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

Other Information

Update History

2023/08/10

ELECOM CO.,LTD. update status

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE