CVE-2023-37561

Name of the Vulnerable Software and Affected Versions ELECOM WRH-300WH-H versions 2.12 and earlier ELECOM WTC-300HWH versions 1.09 and earlier ELECOM WTC-C1167GC-B versions 1.17 and earlier ELECOM WTC-C1167GC-W versions 1.17 and earlier

Description The issue allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. This can be exploited by a remote attacker to trick users into revealing sensitive information.

Recommendations For ELECOM WRH-300WH-H versions 2.12 and earlier, update to a version later than 2.12 to resolve the issue. For ELECOM WTC-300HWH versions 1.09 and earlier, update to a version later than 1.09 to resolve the issue. For ELECOM WTC-C1167GC-B versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue. For ELECOM WTC-C1167GC-W versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue. As a temporary workaround, consider restricting access to the router's web interface to minimize the risk of exploitation.