Vulnerability Details : CVE-2023-35991
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.
Products affected by CVE-2023-35991
- cpe:2.3:o:elecom:lan-wh300andgpe_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:elecom:lan-wh300n\/dgp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:elecom:lan-wh300an\/dgp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:elecom:lan-wh450n\/gp_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:elecom:lan-w300n\/p_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:elecom:lan-wh300n\/dr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:elecom:lan-w300n\/dr_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-35991
0.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-35991
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-21 |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2023-35991
-
https://www.elecom.co.jp/news/security/20230810-01/
無線LANルーターなど一部のネットワーク製品における 代替製品への切り替えのお願い - 最新情報 - セキュリティ情報|ELECOMVendor Advisory
-
https://jvn.jp/en/vu/JVNVU91630351/
JVNVU#91630351: Multiple vulnerabilities in ELECOM and LOGITEC network devicesThird Party Advisory
Jump to