CVE-2023-43752

HIGH EPSS 58.4%

Published Nov 16, 20232y ago · Modified Jun 17, 20261w ago

8.0 CVSS 3.1

High

Published Nov 16, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

CVSS Details

Base Score

8.0

Exploitability

2.1

Impact

5.9

Vector string

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

58.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 6

Vendor	Product	Version	Range
elecom	wrc-x3000gs2-w_firmware	*	≤1.05
elecom	wrc-x3000gs2-w	*	any
elecom	wrc-x3000gs2-b_firmware	*	≤1.05
elecom	wrc-x3000gs2-b	*	any
elecom	wrc-x3000gs2a-b_firmware	*	≤1.05
elecom	wrc-x3000gs2a-b	*	any

References 2

jvn.jp https://jvn.jp/en/vu/JVNVU94119876/

Third Party Advisory
elecom.co.jp https://www.elecom.co.jp/news/security/20231114-01/

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.