Lucene search

[email protected]CVE-2021-20864

HistoryDec 01, 2021 - 3:15 a.m.

CVE-2021-20864

2021-12-0103:15:07

[email protected]

web.nvd.nist.gov

cve-2021-20864

elecom routers

access control vulnerability

unauthorized access

network security

telnet service

os command execution

nvd

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors.

Affected configurations

NVD

Node

elecomwrc-1167gst2_firmwareRange≤1.25

AND

elecomwrc-1167gst2Match-

Node

elecomwrc-1167gst2a_firmwareRange≤1.25

AND

elecomwrc-1167gst2aMatch-

Node

elecomwrc-1167gst2h_firmwareRange≤1.25

AND

elecomwrc-1167gst2hMatch-

Node

elecomwrc-2533gs2-b_firmwareRange≤1.52

AND

elecomwrc-2533gs2-bMatch-

Node

elecomwrc-2533gs2-w_firmwareRange≤1.52

AND

elecomwrc-2533gs2-wMatch-

Node

elecomwrc-1750gs_firmwareRange≤1.03

AND

elecomwrc-1750gsMatch-

Node

elecomwrc-1750gsv_firmwareRange≤2.11

AND

elecomwrc-1750gsvMatch-

Node

elecomwrc-1900gst_firmwareRange≤1.03

AND

elecomwrc-1900gstMatch-

Node

elecomwrc-2533gst_firmwareRange≤1.03

AND

elecomwrc-2533gstMatch-

Node

elecomwrc-2533gst2_firmwareRange≤1.25

AND

elecomwrc-2533gst2Match-

Node

elecomwrc-2533gsta_firmwareRange≤1.03

AND

elecomwrc-2533gstaMatch-

Node

elecomwrc-2533gst2sp_firmwareRange≤1.25

AND

elecomwrc-2533gst2spMatch-

Node

elecomwrc-2533gst2-g_firmwareRange≤1.25

AND

elecomwrc-2533gst2-gMatch-

Node

elecomedwrc-2533gst2_firmwareRange≤1.25

AND

elecomedwrc-2533gst2Match-

CPENameOperatorVersion
elecom:wrc-1167gst2_firmwareelecom wrc-1167gst2 firmwarele1.25

CPE	Name	Operator	Version
elecom:wrc-1167gst2_firmware	elecom wrc-1167gst2 firmware	le	1.25

CNA Affected

[
  {
    "product": "ELECOM routers",
    "vendor": "ELECOM CO.,LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "(WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior)"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU94527926/index.html

www.elecom.co.jp/news/security/20211130-01/

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.9%

JSON

Related for CVE-2021-20864

nvd1 cvelist1 prion1