CVE-2023-37563

13.07.2023, 03:15

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
jpcert	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Vendor	Product	Version
elecom	wrc-1167ghbk-s_firmware	𝑥 ≤ 1.03
elecom	wrc-1167gebk-s_firmware	𝑥 ≤ 1.03
elecom	wrc-1167febk-s_firmware	𝑥 ≤ 1.04
elecom	wrc-1167ghbk3-a_firmware	𝑥 ≤ 1.24
elecom	wrc-1167febk-a_firmware	𝑥 ≤ 1.18

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-922 - Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors.

References

https://jvn.jp/en/jp/JVN05223215/

https://www.elecom.co.jp/news/security/20230711-01/

https://www.elecom.co.jp/news/security/20230810-01/

https://jvn.jp/en/jp/JVN05223215/

https://www.elecom.co.jp/news/security/20230711-01/

https://www.elecom.co.jp/news/security/20230810-01/