CVE-2023-40069

Name of the Vulnerable Software and Affected Versions ELECOM WRC-F1167ACF all versions ELECOM WRC-1750GHBK all versions ELECOM WRC-1167GHBK2 all versions ELECOM WRC-1750GHBK2-I all versions ELECOM WRC-1750GHBK-E all versions

Description An OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

Recommendations For ELECOM WRC-F1167ACF, consider disabling access to the vulnerable API endpoint until a patch is available. For ELECOM WRC-1750GHBK, restrict access to the router's configuration page to minimize the risk of exploitation. For ELECOM WRC-1167GHBK2, avoid using the router's web interface until the issue is resolved. For ELECOM WRC-1750GHBK2-I, consider implementing additional security measures, such as firewall rules, to block malicious requests. For ELECOM WRC-1750GHBK-E, restrict access to the router's management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.