CVE-2023-37563

MEDIUM

ELECOM wireless LAN routers - Info Disclosure

Title source: llm

Description

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions.

References (3)

[Third Party Advisory] https://jvn.jp/en/jp/JVN05223215/

[Vendor Advisory] https://www.elecom.co.jp/news/security/20230711-01/

[Various Sources] https://www.elecom.co.jp/news/security/20230810-01/

Scores

CVSS v3 6.5

EPSS 0.0012

EPSS Percentile 31.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-922

Status published

Products (5)

elecom/wrc-1167febk-a_firmware < 1.18

elecom/wrc-1167febk-s_firmware < 1.04

elecom/wrc-1167gebk-s_firmware < 1.03

elecom/wrc-1167ghbk-s_firmware < 1.03

elecom/wrc-1167ghbk3-a_firmware < 1.24

Published Jul 13, 2023

Tracked Since Feb 18, 2026