CVE-2023-35991 | Severity.io

Description

Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.

Related CPE's

lan-wh300andgpe_firmware

Vulnerable

lan-wh300andgpe

lan-wh300n\/dgp_firmware

Vulnerable

lan-wh300n\/dgp

lan-wh300an\/dgp_firmware

Vulnerable

lan-wh300an\/dgp

lan-wh450n\/gp_firmware

Vulnerable

lan-w300n\/p_firmware

Vulnerable

lan-wh300n\/dr_firmware

Vulnerable

lan-w300n\/dr_firmware

Vulnerable

References

https://jvn.jp/en/vu/JVNVU91630351/

Third Party Advisory

https://www.elecom.co.jp/news/security/20230810-01/

Vendor Advisory

https://jvn.jp/en/vu/JVNVU91630351/

Third Party Advisory

https://www.elecom.co.jp/news/security/20230810-01/

Vendor Advisory

Weaknesses

[email protected]

Primary

NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-08-18T08:15:10.267Z

2 years ago

Last modified

2024-11-21T07:09:07.520Z

1 year ago