CVE-2023-37564

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published: Jul 13, 2023
Updated: Jul 25, 2023
CWE ID: 78

Summary

CVE-2023-37564 is an OS command injection vulnerability in ELECOM wireless LAN routers. A network-adjacent authenticated attacker can execute an arbitrary OS command with root privilege by sending a specially crafted request.

Affected products and versions:
  • WRC-1167GHBK-S v1.03 and earlier
  • WRC-1167GEBK-S v1.03 and earlier
  • WRC-1167FEBK-S v1.04 and earlier
  • WRC-1167GHBK3-A v1.24 and earlier
  • WRC-1167FEBK-A v1.18 and earlier

The vulnerability has a high severity rating, with a base score of 8.0 according to [email protected]. It poses a potential danger to organizations: an attacker who meets these conditions can execute malicious commands on the affected routers, potentially leading to unauthorized access, data breaches, or other security incidents. Remediation should involve updating the firmware of the affected ELECOM wireless LAN routers to versions that address this vulnerability.
