Lucene search

JpcertCVE-2021-20862

HistoryDec 01, 2021 - 3:15 a.m.

CVE-2021-20862

2021-12-0103:15:07

jpcert

web.nvd.nist.gov

cve-2021-20862

elecom routers

access control

vulnerability

network security

firmware

csrf

nvd

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product’s settings via unspecified vectors.

Affected configurations

Nvd

Node

elecomwrc-1167gst2_firmwareRange≤1.25

AND

elecomwrc-1167gst2Match-

Node

elecomwrc-1167gst2a_firmwareRange≤1.25

AND

elecomwrc-1167gst2aMatch-

Node

elecomwrc-1167gst2h_firmwareRange≤1.25

AND

elecomwrc-1167gst2hMatch-

Node

elecomwrc-2533gs2-b_firmwareRange≤1.52

AND

elecomwrc-2533gs2-bMatch-

Node

elecomwrc-2533gs2-w_firmwareRange≤1.52

AND

elecomwrc-2533gs2-wMatch-

Node

elecomwrc-1750gs_firmwareRange≤1.03

AND

elecomwrc-1750gsMatch-

Node

elecomwrc-1750gsv_firmwareRange≤2.11

AND

elecomwrc-1750gsvMatch-

Node

elecomwrc-1900gst_firmwareRange≤1.03

AND

elecomwrc-1900gstMatch-

Node

elecomwrc-2533gst_firmwareRange≤1.03

AND

elecomwrc-2533gstMatch-

Node

elecomwrc-2533gst2_firmwareRange≤1.25

AND

elecomwrc-2533gst2Match-

Node

elecomwrc-2533gsta_firmwareRange≤1.03

AND

elecomwrc-2533gstaMatch-

Node

elecomwrc-2533gst2sp_firmwareRange≤1.25

AND

elecomwrc-2533gst2spMatch-

Node

elecomwrc-2533gst2-g_firmwareRange≤1.25

AND

elecomwrc-2533gst2-gMatch-

Node

elecomedwrc-2533gst2_firmwareRange≤1.25

AND

elecomedwrc-2533gst2Match-

VendorProductVersionCPE
elecomwrc-1167gst2_firmware*cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2-cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*
elecomwrc-1167gst2a_firmware*cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2a-cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*
elecomwrc-1167gst2h_firmware*cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2h-cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-b_firmware*cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-b-cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-w_firmware*cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-w-cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc-1167gst2_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2_firmware::::::::
elecom	wrc-1167gst2	-	cpe:2.3:h:elecom:wrc-1167gst2:-:::::::*
elecom	wrc-1167gst2a_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2a_firmware::::::::
elecom	wrc-1167gst2a	-	cpe:2.3:h:elecom:wrc-1167gst2a:-:::::::*
elecom	wrc-1167gst2h_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2h_firmware::::::::
elecom	wrc-1167gst2h	-	cpe:2.3:h:elecom:wrc-1167gst2h:-:::::::*
elecom	wrc-2533gs2-b_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-b_firmware::::::::
elecom	wrc-2533gs2-b	-	cpe:2.3:h:elecom:wrc-2533gs2-b:-:::::::*
elecom	wrc-2533gs2-w_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-w_firmware::::::::
elecom	wrc-2533gs2-w	-	cpe:2.3:h:elecom:wrc-2533gs2-w:-:::::::*

Rows per page:

1-10 of 281

CNA Affected

[
  {
    "product": "ELECOM routers",
    "vendor": "ELECOM CO.,LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "(WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior)"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU94527926/index.html

www.elecom.co.jp/news/security/20211130-01/

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Related for CVE-2021-20862