6.5

CVE-2023-43757

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ElecomWrc-2533ghbk2-t Firmware Version-
   ElecomWrc-2533ghbk2-t Version-
ElecomWrc-2533ghbk-i Firmware Version-
   ElecomWrc-2533ghbk-i Version-
ElecomWrc-1750ghbk2-i Firmware Version-
   ElecomWrc-1750ghbk2-i Version-
ElecomWrc-1750ghbk-e Firmware Version-
   ElecomWrc-1750ghbk-e Version-
ElecomWrc-1750ghbk Firmware Version-
   ElecomWrc-1750ghbk Version-
ElecomWrc-1167ghbk2 Firmware Version-
   ElecomWrc-1167ghbk2 Version-
ElecomWrc-1167ghbk Firmware Version-
   ElecomWrc-1167ghbk Version-
ElecomWrc-f1167acf Firmware Version-
   ElecomWrc-f1167acf Version-
ElecomWrc-733ghbk Firmware Version-
   ElecomWrc-733ghbk Version-
ElecomWrc-733ghbk-i Firmware Version-
   ElecomWrc-733ghbk-i Version-
ElecomWrc-733ghbk-c Firmware Version-
   ElecomWrc-733ghbk-c Version-
ElecomWrc-300ghbk2-i Firmware Version-
   ElecomWrc-300ghbk2-i Version-
ElecomWrc-300ghbk Firmware Version-
   ElecomWrc-300ghbk Version-
ElecomWrc-733febk Firmware Version-
   ElecomWrc-733febk Version-
ElecomWrc-300febk Firmware Version-
   ElecomWrc-300febk Version-
ElecomWrc-f300nf Firmware Version-
   ElecomWrc-f300nf Version-
ElecomWrh-300wh-h Firmware Version-
   ElecomWrh-300wh-h Version-
ElecomWrh-300bk Firmware Version-
   ElecomWrh-300bk Version-
ElecomWrh-300wh Firmware Version-
   ElecomWrh-300wh Version-
ElecomWrh-300rd Firmware Version-
   ElecomWrh-300rd Version-
ElecomWrh-300sv Firmware Version-
   ElecomWrh-300sv Version-
ElecomWrh-300bk-s Firmware Version-
   ElecomWrh-300bk-s Version-
ElecomWrh-300wh-s Firmware Version-
   ElecomWrh-300wh-s Version-
ElecomWrh-300bk2-s Firmware Version-
   ElecomWrh-300bk2-s Version-
ElecomWrh-300wh2-s Firmware Version-
   ElecomWrh-300wh2-s Version-
ElecomWrh-h300bk Firmware Version-
   ElecomWrh-h300bk Version-
ElecomWrh-h300wh Firmware Version-
   ElecomWrh-h300wh Version-
ElecomWrh-150bk Firmware Version-
   ElecomWrh-150bk Version-
ElecomWrh-150wh Firmware Version-
   ElecomWrh-150wh Version-
ElecomLan-w300n/rs Firmware Version-
   ElecomLan-w300n/rs Version-
ElecomLan-w301nr Firmware Version-
   ElecomLan-w301nr Version-
ElecomLan-w300n/p Firmware Version-
   ElecomLan-w300n/p Version-
ElecomLan-wh300n/dgp Firmware Version-
   ElecomLan-wh300n/dgp Version-
ElecomLan-wh300ndgpe Firmware Version-
   ElecomLan-wh300ndgpe Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.385
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://www.elecom.co.jp/news/security/20210706-01/
Third Party Advisory
https://www.elecom.co.jp/news/security/20230810-01/
Third Party Advisory
https://www.elecom.co.jp/news/security/20231114-01/
Third Party Advisory
https://jvn.jp/en/vu/JVNVU94119876/
Third Party Advisory