PT-2023-26019 · Elecom · Elecom Wtc-C1167Gc-W+3

Kentaro Ishii · Published 2023-07-13 · Updated 2023-07-25 · CVE-2023-37561

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ELECOM WRH-300WH-H versions 2.12 and earlier
ELECOM WTC-300HWH versions 1.09 and earlier
ELECOM WTC-C1167GC-B versions 1.17 and earlier
ELECOM WTC-C1167GC-W versions 1.17 and earlier

Description

The issue allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. This can be exploited by a remote attacker to trick users into revealing sensitive information.

Recommendations

For ELECOM WRH-300WH-H versions 2.12 and earlier, update to a version later than 2.12 to resolve the issue.
For ELECOM WTC-300HWH versions 1.09 and earlier, update to a version later than 1.09 to resolve the issue.
For ELECOM WTC-C1167GC-B versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue.
For ELECOM WTC-C1167GC-W versions 1.17 and earlier, update to a version later than 1.17 to resolve the issue.

As a temporary workaround, consider restricting access to the router's web interface to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2023-37561

Affected Products

Elecom Wrh-300Wh-H
Elecom Wtc-300Hwh
Elecom Wtc-C1167Gc-B
Elecom Wtc-C1167Gc-W