Lucene search

[email protected]NVD:CVE-2020-5634

HistoryOct 06, 2020 - 6:15 a.m.

CVE-2020-5634

2020-10-0606:15:12

[email protected]

web.nvd.nist.gov

cve-2020-5634

elecom lan routers

firmware vulnerability

os command execution

root privilege

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.

Affected configurations

Nvd

Node

elecomwrc-2533gst2Match-

AND

elecomwrc-2533gst2_firmwareRange<1.14

Node

elecomwrc-1900gst2Match-

AND

elecomwrc-1900gst2_firmwareRange<1.14

Node

elecomwrc-1750gst2Match-

AND

elecomwrc-1750gst2_firmwareRange<1.14

Node

elecomwrc-1167gst2Match-

AND

elecomwrc-1167gst2_firmwareRange<1.10

VendorProductVersionCPE
elecomwrc-2533gst2-cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*
elecomwrc-2533gst2_firmware*cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
elecomwrc-1900gst2-cpe:2.3:h:elecom:wrc-1900gst2:-:*:*:*:*:*:*:*
elecomwrc-1900gst2_firmware*cpe:2.3:o:elecom:wrc-1900gst2_firmware:*:*:*:*:*:*:*:*
elecomwrc-1750gst2-cpe:2.3:h:elecom:wrc-1750gst2:-:*:*:*:*:*:*:*
elecomwrc-1750gst2_firmware*cpe:2.3:o:elecom:wrc-1750gst2_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2-cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*
elecomwrc-1167gst2_firmware*cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc-2533gst2	-	cpe:2.3:h:elecom:wrc-2533gst2:-:::::::*
elecom	wrc-2533gst2_firmware	*	cpe:2.3:o:elecom:wrc-2533gst2_firmware::::::::
elecom	wrc-1900gst2	-	cpe:2.3:h:elecom:wrc-1900gst2:-:::::::*
elecom	wrc-1900gst2_firmware	*	cpe:2.3:o:elecom:wrc-1900gst2_firmware::::::::
elecom	wrc-1750gst2	-	cpe:2.3:h:elecom:wrc-1750gst2:-:::::::*
elecom	wrc-1750gst2_firmware	*	cpe:2.3:o:elecom:wrc-1750gst2_firmware::::::::
elecom	wrc-1167gst2	-	cpe:2.3:h:elecom:wrc-1167gst2:-:::::::*
elecom	wrc-1167gst2_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2_firmware::::::::

References

jvn.jp/en/jp/JVN82892096/index.html

www.elecom.co.jp/news/security/20201005-01/

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.3%

JSON

Related for NVD:CVE-2020-5634

cve1 cvelist1 jvn1 prion1