PT-2023-27248 · Elecom · Elecom Wireless Access Points

Chuya Hayakawa · Published 2023-08-18 · Updated 2025-07-03 · CVE-2023-40072

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ELECOM wireless LAN access point devices (affected versions not specified)
WAB-S600-PS all versions
WAB-S300 all versions

Description

The issue allows an authenticated user to execute arbitrary OS commands by sending a specially crafted request. The request is sent to potentially vulnerable API endpoints, although the specific endpoints are not mentioned. The username and password variables may be involved in exploitation, but this is not explicitly stated. In general, exploiting the vulnerability gives unauthorized access to the system, potentially allowing malicious activity.

Recommendations

ELECOM wireless LAN access point devices: at the moment, there is no information about a newer version that contains a fix for this vulnerability.
WAB-S600-PS (all versions): consider disabling any functionality that allows OS command execution until a patch is available.
WAB-S300 (all versions): restrict access to any modules or functions that may be used to send specially crafted requests, to minimize the risk of exploitation.

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2023-40072

Affected Products: Elecom Wireless Access Points