CVE-2023-37563 : ELECOM wireless LAN routers are vulnerable to sensitive information exposure, wh

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.

Published 2023-07-13 03:15:10

Updated 2024-11-06 18:35:04

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2023-37563

Elecom » Wrc-1167ghbk3-a Firmware
Versions up to, including, (<=) 1.24
cpe:2.3:o:elecom:wrc-1167ghbk3-a_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167ghbk3-a » Version: N/A
Elecom » Wrc-1167febk-a Firmware
Versions up to, including, (<=) 1.18
cpe:2.3:o:elecom:wrc-1167febk-a_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167febk-a » Version: N/A
Elecom » Wrc-1167ghbk-s Firmware
Versions up to, including, (<=) 1.03
cpe:2.3:o:elecom:wrc-1167ghbk-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167ghbk-s » Version: N/A
Elecom » Wrc-1167gebk-s Firmware
Versions up to, including, (<=) 1.03
cpe:2.3:o:elecom:wrc-1167gebk-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167gebk-s » Version: N/A
Elecom » Wrc-1167febk-s Firmware
Versions up to, including, (<=) 1.04
cpe:2.3:o:elecom:wrc-1167febk-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167febk-s » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-37563

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-37563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-37563

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-37563

https://www.elecom.co.jp/news/security/20230810-01/

無線LANルーターなど一部のネットワーク製品における代替製品への切り替えのお願い - 最新情報 - セキュリティ情報｜ELECOM

CVEs referencing this url
https://jvn.jp/en/jp/JVN05223215/

JVN#05223215: Multiple vulnerabilities in multiple ELECOM wireless LAN routers and wireless LAN repeaters
Third Party Advisory

CVEs referencing this url
https://www.elecom.co.jp/news/security/20230711-01/

無線LANルーター・中継器のセキュリティ向上のためのファームウェアアップデートのお願い - 最新情報 - セキュリティ情報｜ELECOM
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-37563

Products affected by CVE-2023-37563

Exploit prediction scoring system (EPSS) score for CVE-2023-37563

CVSS scores for CVE-2023-37563

CWE ids for CVE-2023-37563

References for CVE-2023-37563