CVE-2023-28390

Name of the Vulnerable Software and Affected Versions ICOM SR-7100VN versions 1.38(N) and earlier ICOM SR-7100VN #31 versions 1.21 and earlier

Description The issue is related to incorrect privilege assignment in the firmware of ICOM SR-7100VN wireless VoIP routers. It allows a remote attacker to escalate privileges. A network-adjacent attacker with administrative privilege of the affected product can obtain administrative privilege of the Operating System, potentially executing arbitrary OS commands.

Recommendations For ICOM SR-7100VN versions 1.38(N) and earlier, update to a version later than 1.38(N) to resolve the issue. For ICOM SR-7100VN #31 versions 1.21 and earlier, update to a version later than 1.21 to resolve the issue. As a temporary workaround, consider restricting administrative access to the affected product until a patch is available.