CVE-2023-40072

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 18, 2023

Updated: Feb 28, 2024

CWE ID 78

Summary

CVE-2023-40072 is a newly disclosed OS command injection vulnerability that impacts various ELECOM network devices. An authenticated user can exploit this flaw by sending a crafted request, enabling them to execute arbitrary OS commands on the affected systems. The following products and versions are vulnerable: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier. Successful exploitation could lead to serious consequences, including system compromise and data theft. Users are advised to apply the necessary patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database