← Back

CVE-2023-31198

nvd nist
Published: Jun 13, 2023Modified: Jan 3, 2025

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If this vulnerability is exploited, a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. Affected products and versions are as follows: AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier, AC-WAPUM-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B07 and earlier

Affected (8)

Inaba
8 products
Ac Pd Wapu Firmware
Ac Pd Wapum Firmware
Ac Pd Wapu P Firmware
Ac Pd Wapum P Firmware
Ac Wapu 300 Firmware
Ac Wapum 300 Firmware
Ac Wapum 300 P Firmware
Ac Wapu 300 P Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Pd Wapu Firmware
Up to 1.05_b04
Running on/withPlatform Versions
Inaba
Ac Pd Wapu
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Pd Wapum Firmware
Up to 1.05_b04
Running on/withPlatform Versions
Inaba
Ac Pd Wapum
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Pd Wapu P Firmware
Up to 1.05_b04p
Running on/withPlatform Versions
Inaba
Ac Pd Wapu P
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Pd Wapum P Firmware
Up to 1.05_b04p
Running on/withPlatform Versions
Inaba
Ac Pd Wapum P
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Wapu 300 Firmware
Up to 1.00_b07
Running on/withPlatform Versions
Inaba
Ac Wapu 300
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Wapum 300 Firmware
Up to 1.00_b07
Running on/withPlatform Versions
Inaba
Ac Wapum 300
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Wapum 300 P Firmware
Up to 1.00_b07
Running on/withPlatform Versions
Inaba
Ac Wapum 300 P
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ac Wapu 300 P Firmware
Up to 1.00_b07
Running on/withPlatform Versions
Inaba
Ac Wapu 300 P
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

Source: vultures@jpcert.or.jp
MitigationThird Party Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.