CVE-2023-39944

HIGH EPSS 65.2%

Published Aug 18, 20232y ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Aug 18, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.

CVSS Details

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

65.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 4

Vendor	Product	Version	Range
elecom	wrc-f1167acf_firmware	*	any
elecom	wrc-f1167acf	*	any
elecom	wrc-1750ghbk_firmware	*	any
elecom	wrc-1750ghbk	*	any

References 2

jvn.jp https://jvn.jp/en/vu/JVNVU91630351/

Third Party Advisory
elecom.co.jp https://www.elecom.co.jp/news/security/20230810-01/

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.