CVE-2023-37566

HIGH Year: 2023
CVSS v3 Score
8.0
High
Weakness Type
CWE-77
View all →

Vulnerability Description

Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions.

Related Vulnerabilities

CVE-2016-4822

HIGH
CVSS:8.0(High)

Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.

CWE-772016

CVE-2017-8193

HIGH
CVSS:8.0(High)

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerab...

CWE-772017

CVE-2019-3421

HIGH
CVSS:8.0(High)

The 7520V3V1.0.0B09P27 version, and all earlier versions of ZTE product ZX297520V3 are impacted by a Command Injection vulnerability. Unauthorized users can exploit this vulnerability to control the u...

CWE-772019

CVE-2020-11770

HIGH
CVSS:8.0(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 bef...

CWE-772020

CVE-2020-26929

HIGH
CVSS:8.0(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.

CWE-772020

CVE-2020-36650

HIGH
CVSS:8.0(High)

A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is...

CWE-772020