PT-2023-26957 · Elecom · Elecom Wrc-1900Ghbk-A+6

Published 2023-08-18 · Updated 2023-08-23 · CVE-2023-39455

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ELECOM WRC-600GHBK-A all versions
ELECOM WRC-1467GHBK-A all versions
ELECOM WRC-1900GHBK-A all versions
ELECOM WRC-733FEBK2-A all versions
ELECOM WRC-F1167ACF2 all versions
ELECOM WRC-1467GHBK-S all versions
ELECOM WRC-1900GHBK-S all versions

Description

An OS command injection issue allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

Recommendations

For ELECOM WRC-600GHBK-A, consider disabling access to the vulnerable API endpoint until a patch is available.
For ELECOM WRC-1467GHBK-A, restrict access to the module that handles the specially crafted requests to minimize the risk of exploitation.
For ELECOM WRC-1900GHBK-A, avoid using the vulnerable function that executes the OS command until the issue is resolved.
For ELECOM WRC-733FEBK2-A, consider implementing additional security measures to prevent the execution of arbitrary OS commands.
For ELECOM WRC-F1167ACF2, restrict access to the vulnerable parameter that allows the execution of OS commands.
For ELECOM WRC-1467GHBK-S, consider disabling the vulnerable feature that allows the execution of arbitrary OS commands.
For ELECOM WRC-1900GHBK-S, implement a workaround to prevent the exploitation of the OS command injection issue.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-39455

Affected Products

Elecom Wrc-1467Ghbk-A
Elecom Wrc-1467Ghbk-S
Elecom Wrc-1900Ghbk-A
Elecom Wrc-1900Ghbk-S
Elecom Wrc-600Ghbk-A
Elecom Wrc-733Febk2-A
Elecom Wrc-F1167Acf2