Lucene search

JpcertCVE-2021-20859

HistoryDec 01, 2021 - 3:15 a.m.

CVE-2021-20859

2021-12-0103:15:07

CWE-78

jpcert

web.nvd.nist.gov

elecom

lan

routers

firmware

os command execution

cve-2021-20859

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

13.1%

JSON

ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors.

Affected configurations

Nvd

Vulners

Node

elecomwrc-1167gst2_firmwareRange≤1.25

AND

elecomwrc-1167gst2Match-

Node

elecomwrc-1167gst2a_firmwareRange≤1.25

AND

elecomwrc-1167gst2aMatch-

Node

elecomwrc-1167gst2h_firmwareRange≤1.25

AND

elecomwrc-1167gst2hMatch-

Node

elecomwrc-2533gs2-b_firmwareRange≤1.52

AND

elecomwrc-2533gs2-bMatch-

Node

elecomwrc-2533gs2-w_firmwareRange≤1.52

AND

elecomwrc-2533gs2-wMatch-

Node

elecomwrc-1750gs_firmwareRange≤1.03

AND

elecomwrc-1750gsMatch-

Node

elecomwrc-1750gsv_firmwareRange≤2.11

AND

elecomwrc-1750gsvMatch-

Node

elecomwrc-1900gstMatch-

AND

elecomwrc-1900gst_firmwareRange≤1.03

Node

elecomwrc-2533gstMatch-

AND

elecomwrc-2533gst_firmwareRange≤1.03

Node

elecomwrc-2533gst2Match-

AND

elecomwrc-2533gst2_firmwareRange≤1.25

Node

elecomwrc-2533gstaMatch-

AND

elecomwrc-2533gsta_firmwareRange≤1.03

Node

elecomwrc-2533gst2sp_firmwareRange≤1.25

AND

elecomwrc-2533gst2spMatch-

Node

elecomwrc-2533gst2-g_firmwareRange≤1.25

AND

elecomwrc-2533gst2-gMatch-

Node

elecomedwrc-2533gst2_firmwareRange≤1.25

AND

elecomedwrc-2533gst2Match-

VendorProductVersionCPE
elecomwrc-1167gst2_firmware*cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2-cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*
elecomwrc-1167gst2a_firmware*cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2a-cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*
elecomwrc-1167gst2h_firmware*cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2h-cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-b_firmware*cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-b-cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-w_firmware*cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-w-cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc-1167gst2_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2_firmware::::::::
elecom	wrc-1167gst2	-	cpe:2.3:h:elecom:wrc-1167gst2:-:::::::*
elecom	wrc-1167gst2a_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2a_firmware::::::::
elecom	wrc-1167gst2a	-	cpe:2.3:h:elecom:wrc-1167gst2a:-:::::::*
elecom	wrc-1167gst2h_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2h_firmware::::::::
elecom	wrc-1167gst2h	-	cpe:2.3:h:elecom:wrc-1167gst2h:-:::::::*
elecom	wrc-2533gs2-b_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-b_firmware::::::::
elecom	wrc-2533gs2-b	-	cpe:2.3:h:elecom:wrc-2533gs2-b:-:::::::*
elecom	wrc-2533gs2-w_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-w_firmware::::::::
elecom	wrc-2533gs2-w	-	cpe:2.3:h:elecom:wrc-2533gs2-w:-:::::::*

Rows per page:

1-10 of 281

CNA Affected

[
  {
    "product": "ELECOM LAN routers",
    "vendor": "ELECOM CO.,LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN88993473/index.html

www.elecom.co.jp/news/security/20211130-01/

CVSS2

7.7

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

13.1%

JSON

Related for CVE-2021-20859