Auto-Update: 2023-08-18T12:00:29.759037+00:00

2025-07-09 16:05:11 +00:00 · 2023-08-18 12:00:33 +00:00 · 2023-08-18 12:00:33 +00:00 · 8cf8ac7ad9
commit 8cf8ac7ad9
parent 8b20b3877b
16 changed files with 337 additions and 15 deletions
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32626.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32626.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-32626",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:09.617",
+  "lastModified": "2023-08-18T10:15:09.617",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35991.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35991.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-35991",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:10.267",
+  "lastModified": "2023-08-18T10:15:10.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-37563",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2023-07-13T03:15:09.927",
-  "lastModified": "2023-07-25T14:02:59.173",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-18T10:15:10.483",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Exposure of sensitive information to an unauthorized actor issue exists in ELECOM wireless LAN routers, which allows a network-adjacent attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier."
+      "value": "ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions."
    }
  ],
  "metrics": {
@ -202,6 +202,10 @@
      "tags": [
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37566.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37566.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-37566",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2023-07-13T02:15:09.517",
-  "lastModified": "2023-07-25T14:11:02.723",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-18T10:15:10.977",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page."
+      "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
    }
  ],
  "metrics": {
@ -118,6 +118,10 @@
      "tags": [
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37567.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37567.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-37567",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2023-07-13T02:15:09.563",
-  "lastModified": "2023-07-25T14:10:47.827",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-18T10:15:11.293",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page."
+      "value": "Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions."
    }
  ],
  "metrics": {
@ -90,6 +90,10 @@
      "tags": [
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-381xx/CVE-2023-38132.json
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38132.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-38132",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:11.370",
+  "lastModified": "2023-08-18T10:15:11.370",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-385xx/CVE-2023-38576.json
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38576.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-38576",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:11.427",
+  "lastModified": "2023-08-18T10:15:11.427",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39415.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39415.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-39415",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:11.620",
+  "lastModified": "2023-08-18T10:15:11.620",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN19661362/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.proself.jp/information/149/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.proself.jp/information/150/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39416.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39416.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-39416",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:11.887",
+  "lastModified": "2023-08-18T10:15:11.887",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN19661362/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.proself.jp/information/149/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.proself.jp/information/150/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39445.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39445.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-39445",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:12.037",
+  "lastModified": "2023-08-18T10:15:12.037",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39454.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39454.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-39454",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:12.280",
+  "lastModified": "2023-08-18T10:15:12.280",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230711-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39455.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39455.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-39455",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:12.337",
+  "lastModified": "2023-08-18T10:15:12.337",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39944.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39944.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-39944",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:12.403",
+  "lastModified": "2023-08-18T10:15:12.403",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40069.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40069.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-40069",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:12.653",
+  "lastModified": "2023-08-18T10:15:12.653",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40072.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40072.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-40072",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-18T10:15:12.847",
+  "lastModified": "2023-08-18T10:15:12.847",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU91630351/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-18T10:00:30.020146+00:00
+2023-08-18T12:00:29.759037+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-18T08:15:08.653000+00:00
+2023-08-18T10:15:12.847000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-222955
+222967
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `12`

-* [CVE-2023-30875](CVE-2023/CVE-2023-308xx/CVE-2023-30875.json) (`2023-08-18T08:15:08.653`)
+* [CVE-2023-32626](CVE-2023/CVE-2023-326xx/CVE-2023-32626.json) (`2023-08-18T10:15:09.617`)
+* [CVE-2023-35991](CVE-2023/CVE-2023-359xx/CVE-2023-35991.json) (`2023-08-18T10:15:10.267`)
+* [CVE-2023-38132](CVE-2023/CVE-2023-381xx/CVE-2023-38132.json) (`2023-08-18T10:15:11.370`)
+* [CVE-2023-38576](CVE-2023/CVE-2023-385xx/CVE-2023-38576.json) (`2023-08-18T10:15:11.427`)
+* [CVE-2023-39415](CVE-2023/CVE-2023-394xx/CVE-2023-39415.json) (`2023-08-18T10:15:11.620`)
+* [CVE-2023-39416](CVE-2023/CVE-2023-394xx/CVE-2023-39416.json) (`2023-08-18T10:15:11.887`)
+* [CVE-2023-39445](CVE-2023/CVE-2023-394xx/CVE-2023-39445.json) (`2023-08-18T10:15:12.037`)
+* [CVE-2023-39454](CVE-2023/CVE-2023-394xx/CVE-2023-39454.json) (`2023-08-18T10:15:12.280`)
+* [CVE-2023-39455](CVE-2023/CVE-2023-394xx/CVE-2023-39455.json) (`2023-08-18T10:15:12.337`)
+* [CVE-2023-39944](CVE-2023/CVE-2023-399xx/CVE-2023-39944.json) (`2023-08-18T10:15:12.403`)
+* [CVE-2023-40069](CVE-2023/CVE-2023-400xx/CVE-2023-40069.json) (`2023-08-18T10:15:12.653`)
+* [CVE-2023-40072](CVE-2023/CVE-2023-400xx/CVE-2023-40072.json) (`2023-08-18T10:15:12.847`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `3`

+* [CVE-2023-37563](CVE-2023/CVE-2023-375xx/CVE-2023-37563.json) (`2023-08-18T10:15:10.483`)
+* [CVE-2023-37566](CVE-2023/CVE-2023-375xx/CVE-2023-37566.json) (`2023-08-18T10:15:10.977`)
+* [CVE-2023-37567](CVE-2023/CVE-2023-375xx/CVE-2023-37567.json) (`2023-08-18T10:15:11.293`)


 ## Download and Usage