PT-2023-26024 · Elecom+1 · Elecom Wrc-733Febk2-A+8

Published: 2023-07-13 · Updated: 2023-08-18 · CVE-2023-37566

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ELECOM WRC-1167GHBK3-A versions 1.24 and earlier
ELECOM WRC-1167FEBK-A versions 1.18 and earlier
ELECOM WRC-F1167ACF2 all versions
ELECOM WRC-600GHBK-A all versions
ELECOM WRC-733FEBK2-A all versions
ELECOM WRC-1467GHBK-A all versions
ELECOM WRC-1900GHBK-A all versions
ELECOM LAN-W301NR all versions
LOGITEC wireless LAN routers (affected versions not specified)

Description

A command injection issue allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.

Recommendations

For ELECOM WRC-1167GHBK3-A versions 1.24 and earlier, update to a version later than 1.24.
For ELECOM WRC-1167FEBK-A versions 1.18 and earlier, update to a version later than 1.18.
For ELECOM WRC-F1167ACF2, WRC-600GHBK-A, WRC-733FEBK2-A, WRC-1467GHBK-A, WRC-1900GHBK-A, and LAN-W301NR, restrict access to the web management page until a fix is available.
For LOGITEC wireless LAN routers, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-37566

Affected Products

Elecom Lan-W301Nr
Elecom Wrc-1167Febk-A
Elecom Wrc-1167Ghbk3-A
Elecom Wrc-1467Ghbk-A
Elecom Wrc-1900Ghbk-A
Elecom Wrc-600Ghbk-A
Elecom Wrc-733Febk2-A
Elecom Wrc-F1167Acf2
Logitec Wireless Lan Routers