Inadequate Encryption Strength in ELECOM routers
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-43757 |
| CWE-ID | CWE-326 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
WRC-2533GHBK2-T Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-2533GHBK-I Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-1750GHBK2-I Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-1750GHBK-E Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-1750GHBK Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-1167GHBK2 Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-1167GHBK Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-733GHBK Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-733GHBK-I Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-733GHBK-C Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-300GHBK2-I Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-300GHBK Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-733FEBK Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-300FEBK Hardware solutions / Routers & switches, VoIP, GSM, etc WRC-F300NF Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300WH-H Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300BK Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300WH Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300RD Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300SV Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300BK-S Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300WH-S Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300BK2-S Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-300WH2-S Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-H300BK Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-H300WH Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-150BK Hardware solutions / Routers & switches, VoIP, GSM, etc WRH-150WH Hardware solutions / Routers & switches, VoIP, GSM, etc LAN-W300N/RS Hardware solutions / Routers & switches, VoIP, GSM, etc LAN-W301NR Hardware solutions / Routers & switches, VoIP, GSM, etc LAN-W300N/P Hardware solutions / Routers & switches, VoIP, GSM, etc LAN-WH300N/DGP Hardware solutions / Routers & switches, VoIP, GSM, etc LAN-WH300NDGPE Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | ELECOM CO. ,LTD. |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Inadequate Encryption Strength
EUVDB-ID: #VU83490
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-43757
CWE-ID:
CWE-326 - Inadequate Encryption Strength
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to inadequate encryption strength. A remote attacker on the local network can guess the encryption key used for the wireless LAN communication and intercept the communication.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWRC-2533GHBK2-T: All versions
WRC-2533GHBK-I: All versions
WRC-1750GHBK2-I: All versions
WRC-1750GHBK-E: All versions
WRC-1750GHBK: All versions
WRC-1167GHBK2: All versions
WRC-1167GHBK: All versions
WRC-733GHBK: All versions
WRC-733GHBK-I: All versions
WRC-733GHBK-C: All versions
WRC-300GHBK2-I: All versions
WRC-300GHBK: All versions
WRC-733FEBK: All versions
WRC-300FEBK: All versions
WRC-F300NF: All versions
WRH-300WH-H: All versions
WRH-300BK: All versions
WRH-300WH: All versions
WRH-300RD: All versions
WRH-300SV: All versions
WRH-300BK-S: All versions
WRH-300WH-S: All versions
WRH-300BK2-S: All versions
WRH-300WH2-S: All versions
WRH-H300BK: All versions
WRH-H300WH: All versions
WRH-150BK: All versions
WRH-150WH: All versions
LAN-W300N/RS: All versions
LAN-W301NR: All versions
LAN-W300N/P: All versions
LAN-WH300N/DGP: All versions
LAN-WH300NDGPE: All versions
CPE2.3- cpe:2.3:h:elecom_co._ltd.:wrc-2533ghbk2-t:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-2533ghbk-i:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-1750ghbk2-i:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-1750ghbk-e:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-1750ghbk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-1167ghbk2:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-1167ghbk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-733ghbk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-733ghbk-i:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-733ghbk-c:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-300ghbk2-i:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-300ghbk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-733febk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-300febk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrc-f300nf:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300wh-h:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300bk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300wh:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300rd:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300sv:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300bk-s:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300wh-s:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300bk2-s:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-300wh2-s:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-h300bk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-h300wh:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-150bk:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:wrh-150wh:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:lan-w300n_rs:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:lan-w301nr:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:lan-w300n_p:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:lan-wh300n_dgp:*:*:*:*:*:*:*:*
- cpe:2.3:h:elecom_co._ltd.:lan-wh300ndgpe:*:*:*:*:*:*:*:*
https://www.elecom.co.jp/news/security/20231114-01/
https://www.elecom.co.jp/news/security/20230810-01/
https://www.elecom.co.jp/news/security/20210706-01/
https://jvn.jp/en/vu/JVNVU94119876/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
