Inadequate Encryption Strength in ELECOM CO. ,LTD. products - CVE-2023-43757
Published: November 27, 2023
Vulnerability identifier: #VU83490
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-43757
CWE-ID: CWE-326
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: ELECOM CO. ,LTD.
Affected software:
WRC-2533GHBK2-T
WRC-2533GHBK-I
WRC-1750GHBK2-I
WRC-1750GHBK-E
WRC-1750GHBK
WRC-1167GHBK2
WRC-1167GHBK
WRC-733GHBK
WRC-733GHBK-I
WRC-733GHBK-C
WRC-300GHBK2-I
WRC-300GHBK
WRC-733FEBK
WRC-300FEBK
WRC-F300NF
WRH-300WH-H
WRH-300BK
WRH-300WH
WRH-300RD
WRH-300SV
WRH-300BK-S
WRH-300WH-S
WRH-300BK2-S
WRH-300WH2-S
WRH-H300BK
WRH-H300WH
WRH-150BK
WRH-150WH
LAN-W300N/RS
LAN-W301NR
LAN-W300N/P
LAN-WH300N/DGP
LAN-WH300NDGPE
WRC-2533GHBK2-T
WRC-2533GHBK-I
WRC-1750GHBK2-I
WRC-1750GHBK-E
WRC-1750GHBK
WRC-1167GHBK2
WRC-1167GHBK
WRC-733GHBK
WRC-733GHBK-I
WRC-733GHBK-C
WRC-300GHBK2-I
WRC-300GHBK
WRC-733FEBK
WRC-300FEBK
WRC-F300NF
WRH-300WH-H
WRH-300BK
WRH-300WH
WRH-300RD
WRH-300SV
WRH-300BK-S
WRH-300WH-S
WRH-300BK2-S
WRH-300WH2-S
WRH-H300BK
WRH-H300WH
WRH-150BK
WRH-150WH
LAN-W300N/RS
LAN-W301NR
LAN-W300N/P
LAN-WH300N/DGP
LAN-WH300NDGPE
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to inadequate encryption strength. A remote attacker on the local network can guess the encryption key used for the wireless LAN communication and intercept the communication.
How to mitigate CVE-2023-43757
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.