PT-2023-26025 · Elecom+1 · Elecom Wrc-600Ghbk-A+7

Chuya Hayakawa · Published 2023-07-13 · Updated 2023-08-18 · CVE-2023-37567

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ELECOM WRC-1167GHBK3-A versions 1.24 and earlier
ELECOM WRC-F1167ACF2 all versions
ELECOM WRC-600GHBK-A all versions
ELECOM WRC-733FEBK2-A all versions
ELECOM WRC-1467GHBK-A all versions
ELECOM WRC-1900GHBK-A all versions
ELECOM LAN-W301NR all versions
LOGITEC wireless LAN routers (affected versions not specified)

Description

A command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page.

Recommendations

For ELECOM WRC-1167GHBK3-A versions 1.24 and earlier, update to a version later than 1.24.
For ELECOM WRC-F1167ACF2, WRC-600GHBK-A, WRC-733FEBK2-A, WRC-1467GHBK-A, WRC-1900GHBK-A, and LAN-W301NR, restrict access to the web management page until a patch is available.
For LOGITEC wireless LAN routers, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-37567

Affected Products

Elecom Lan-W301Nr
Elecom Wrc-1167Ghbk3-A
Elecom Wrc-1467Ghbk-A
Elecom Wrc-1900Ghbk-A
Elecom Wrc-600Ghbk-A
Elecom Wrc-733Febk2-A
Elecom Wrc-F1167Acf2
Logitec Wireless Lan Routers