CVE-2023-39454 - Vulnerability Details - OpenCVE

Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Elecom	Wrc-x1800gs-b Wrc-x1800gs-b Firmware Wrc-x1800gsa-b Wrc-x1800gsa-b Firmware Wrc-x1800gsh-b Wrc-x1800gsh-b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:elecom:wrc-x1800gs-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:elecom:wrc-x1800gsa-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:elecom:wrc-x1800gsh-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU91630351/
https://www.elecom.co.jp/news/security/20230711-01/

History

Mon, 17 Feb 2025 05:45:00 +0000

Type	Values Removed	Values Added
Description	Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code.	Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code.
Metrics		cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 08 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-08-18T09:41:14.665Z

Updated: 2025-02-17T05:39:37.805Z

Reserved: 2023-08-09T11:55:02.234Z

Link: CVE-2023-39454

Vulnrichment

Updated: 2024-08-02T18:10:20.682Z

NVD

Status : Modified

Published: 2023-08-18T10:15:12.280

Modified: 2025-02-17T06:15:11.097

Link: CVE-2023-39454

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39454", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-08-09T11:55:02.234Z", "datePublished": "2023-08-18T09:41:14.665Z", "dateUpdated": "2025-02-17T05:39:37.805Z"}, "containers": {"cna": {"affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-X1800GS-B", "versions": [{"version": "v1.13 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X1800GSA-B", "versions": [{"version": "v1.13 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X1800GSH-B", "versions": [{"version": "v1.13 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X6000QS-G", "versions": [{"version": "v1.13 and earlier", "status": "affected"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X6000QSA-G", "versions": [{"version": "v1.13 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "Buffer overflow", "lang": "en-US", "cweId": "CWE-120", "type": "CWE"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20230711-01/"}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-02-17T05:39:37.805Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.682Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.elecom.co.jp/news/security/20230711-01/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "elecom", "product": "wrc-x1800gs-b", "cpes": ["cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.13", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-x1800gsa-b", "cpes": ["cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.13", "versionType": "custom"}]}, {"vendor": "elecom", "product": "wrc-x1800gsh-b", "cpes": ["cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.13", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T14:40:56.456262Z", "id": "CVE-2023-39454", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:45:25.077Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.elecom.co.jp/news/security/20230711-01/", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.682Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39454", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T14:40:56.456262Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-x1800gs-b", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-x1800gsa-b", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*"], "vendor": "elecom", "product": "wrc-x1800gsh-b", "versions": [{"status": "affected", "version": "0", "lessThan": "1.13", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T14:44:29.345Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "ELECOM CO.,LTD.", "product": "WRC-X1800GS-B", "versions": [{"status": "affected", "version": "v1.13 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X1800GSA-B", "versions": [{"status": "affected", "version": "v1.13 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X1800GSH-B", "versions": [{"status": "affected", "version": "v1.13 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X6000QS-G", "versions": [{"status": "affected", "version": "v1.13 and earlier"}]}, {"vendor": "ELECOM CO.,LTD.", "product": "WRC-X6000QSA-G", "versions": [{"status": "affected", "version": "v1.13 and earlier"}]}], "references": [{"url": "https://www.elecom.co.jp/news/security/20230711-01/"}, {"url": "https://jvn.jp/en/vu/JVNVU91630351/"}], "descriptions": [{"lang": "en", "value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-120", "description": "Buffer overflow"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-02-17T05:39:37.805Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39454", "state": "PUBLISHED", "dateUpdated": "2025-02-17T05:39:37.805Z", "dateReserved": "2023-08-09T11:55:02.234Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2023-08-18T09:41:14.665Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-x1800gs-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "180230C8-AC98-43BA-8FB9-D32D75B5D004", "versionEndIncluding": "1.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-x1800gs-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "95667B22-5F8C-4774-9E69-2F4B9AF595AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-x1800gsa-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "09B2B059-11E9-4D03-A162-B06E56649167", "versionEndIncluding": "1.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-x1800gsa-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "3842FA46-4CA2-4ECE-8632-2C74E8D97CDB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-x1800gsh-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DD8EAED-69F6-47ED-B521-E675AD501B38", "versionEndIncluding": "1.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-x1800gsh-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "20EA8B33-784F-44E8-B215-DC2554709100", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow vulnerability exists in ELECOM wireless LAN routers, which may allow an unauthenticated attacker to execute arbitrary code."}, {"lang": "es", "value": "La vulnerabilidad de desbordamiento del b\u00fafer en WRC-X1800GS-B v1.13 y anteriores, WRC-X1800GSA-B v1.13 y anteriores, y WRC-X1800GSH-B v1.13 y anteriores permite a un atacante no autenticado ejecutar c\u00f3digo arbitrario.\n"}], "id": "CVE-2023-39454", "lastModified": "2025-02-17T06:15:11.097", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-18T10:15:12.280", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU91630351/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20230711-01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU91630351/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20230711-01/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Secondary"}]}