CVE-2023-35991

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
elecomlan-wh300andgpe_firmware
*
elecomlan-wh300n\/dgp_firmware
*
elecomlan-wh300an\/dgp_firmware
*
elecomlan-wh450n\/gp_firmware
*
elecomlan-w300n\/p_firmware
*
elecomlan-wh300n\/dr_firmware
*
elecomlan-w300n\/dr_firmware
*
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
elecomlan-wh450n\/gp_firmware
𝑥
< *
ADP
References
https://jvn.jp/en/vu/JVNVU91630351/
https://www.elecom.co.jp/news/security/20230810-01/
https://jvn.jp/en/vu/JVNVU91630351/
https://www.elecom.co.jp/news/security/20230810-01/