CVE-2023-37562

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in ELECOM WTC-C1167GC routers allows attackers to trick authenticated users into performing unintended operations. Attackers can craft malicious web pages that, when visited by logged-in users, execute unauthorized commands on the router. All users of affected router models with vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • ELECOM WTC-C1167GC-B
  • ELECOM WTC-C1167GC-W
Versions: v1.17 and earlier
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability affects the web management interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing attacker to change admin credentials, modify network settings, enable remote access, or disable security features.

🟠 Likely Case

Unauthorized configuration changes such as DNS hijacking, port forwarding to malicious services, or disabling firewall rules.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if users don't visit malicious sites while authenticated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (visiting malicious page) while authenticated to router admin interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.18 or later

Vendor Advisory: https://www.elecom.co.jp/news/security/20230711-01/

Restart Required: Yes

Instructions:

1. Download firmware v1.18 or later from ELECOM support site.
2. Log into router admin interface.
3. Navigate to firmware update section.
4. Upload and apply the new firmware.
5. Wait for router to reboot automatically.

🔧 Temporary Workarounds

Log out after admin sessions

all

Always log out of router admin interface after completing configuration tasks to prevent CSRF attacks.

Use separate browser for admin

all

Use a dedicated browser or private/incognito mode only for router administration to isolate admin sessions.

🧯 If You Can't Patch

  • Restrict router admin interface access to trusted internal IP addresses only
  • Implement network segmentation to isolate router management traffic

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under System Information or similar section.

Check Version:

No CLI command - check via web interface at http://router-ip/ (exact path varies by model)

Verify Fix Applied:

Verify firmware version shows v1.18 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected configuration changes without corresponding admin login
  • Multiple failed login attempts followed by configuration changes

Network Indicators:

  • Unusual outbound connections from router after admin session
  • DNS server changes to unfamiliar addresses

SIEM Query:

source="router_logs" AND ((event="config_change" AND NOT user="admin") OR (event="dns_change" AND NOT user="admin"))
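
The two log indicators above can be checked offline against exported router logs. The following is an added example, not code from ELECOM or from this advisory; the `key=value` log layout, the `src` and `result` fields, the 30-minute session window and the failure threshold are all assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample log. The key=value layout, src/result fields and the
# thresholds below are assumptions; event/user names follow the SIEM query.
SAMPLE_LOG = """\
2023-07-12T09:00:05 event=login user=admin src=192.168.2.10 result=ok
2023-07-12T09:03:40 event=config_change user=admin src=192.168.2.10
2023-07-12T13:15:00 event=dns_change user=- src=192.168.2.44
2023-07-12T20:00:01 event=login user=admin src=192.168.2.77 result=fail
2023-07-12T20:00:03 event=login user=admin src=192.168.2.77 result=fail
2023-07-12T20:00:06 event=login user=admin src=192.168.2.77 result=fail
2023-07-12T20:01:30 event=config_change user=admin src=192.168.2.77
"""
CHANGE_EVENTS = {"config_change", "dns_change"}
SESSION_WINDOW = timedelta(minutes=30)  # assumed admin session lifetime
FAIL_THRESHOLD = 3                      # assumed "multiple failed logins"

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def find_suspicious_changes(log_text):
    """Return (time, event, src, reasons) for changes matching either indicator."""
    last_ok, fails, findings = {}, {}, []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        src, ts, event = rec.get("src"), rec["ts"], rec.get("event")
        if event == "login" and rec.get("result") == "ok":
            last_ok[src] = ts
            fails.pop(src, None)  # a successful login resets the failure run
        elif event == "login":
            fails.setdefault(src, []).append(ts)
        elif event in CHANGE_EVENTS:
            reasons = []
            ok = last_ok.get(src)
            if ok is None or ts - ok > SESSION_WINDOW:
                reasons.append("no_admin_login")
            recent = [t for t in fails.get(src, []) if ts - t <= SESSION_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                reasons.append("failed_logins_before_change")
            if reasons:
                findings.append((ts.isoformat(), event, src, reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_changes(SAMPLE_LOG):
        print(finding)
```

A change made through CSRF rides an authenticated session, so it will usually show a matching login; each logged change still needs to be compared with what the administrator actually did.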
