PT-2023-28965 · Unknown · Wrc-X3000Gs2A-B+1
Chuya Hayakawa
·
Published
2023-11-16
·
Updated
2023-11-29
·
CVE-2023-43752
CVSS v3.1
8.0
High
| Vector | AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WRC-X3000GS2-W versions 1.05 and earlier
WRC-X3000GS2-B versions 1.05 and earlier
WRC-X3000GS2A-B versions 1.05 and earlier
Description
The issue allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. This is an OS command injection vulnerability.
Recommendations
For WRC-X3000GS2-W versions 1.05 and earlier, update to a version later than 1.05 to resolve the issue.
For WRC-X3000GS2-B versions 1.05 and earlier, update to a version later than 1.05 to resolve the issue.
For WRC-X3000GS2A-B versions 1.05 and earlier, update to a version later than 1.05 to resolve the issue.
As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wrc-X3000Gs2-B
Wrc-X3000Gs2A-B