CVE-2023-43752

HIGH

WRC-X3000GS2-W <1.05 - Command Injection

Title source: llm
STIX 2.1

Description

OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request.

References (2)

Core 2

Scores

CVSS v3 8.0
EPSS 0.0100
EPSS Percentile 58.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (3)
elecom/wrc-x3000gs2-b_firmware < 1.05
elecom/wrc-x3000gs2-w_firmware < 1.05
elecom/wrc-x3000gs2a-b_firmware < 1.05
Published Nov 16, 2023
Tracked Since Feb 18, 2026