Japan Vulnerability NotesJVN:82892096JVN#82892096: OS command injection vulnerability in multiple ELECOM LAN routers
8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
33.5%
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability (CWE-78).
Impact
A remote attacker who can access the management screen of the affected device may execute an arbitrary OS command with root privilege.
Solution
Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.
Products Affected
- WRC-2533GST2 firmware versions prior to v1.14
- WRC-1900GST2 firmware versions prior to v1.14
- WRC-1750GST2 firmware versions prior to v1.14
- WRC-1167GST2 firmware versions prior to v1.10
Related
8.3 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
33.5%