Lucene search

[email protected]NVD:CVE-2021-20860

HistoryDec 01, 2021 - 3:15 a.m.

CVE-2021-20860

2021-12-0103:15:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2021-20860

elecom lan routers

csrf vulnerability

remote attack

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.2%

JSON

Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.

Affected configurations

Nvd

Node

elecomwrc-1167gst2_firmwareRange≤1.25

AND

elecomwrc-1167gst2Match-

Node

elecomwrc-1167gst2a_firmwareRange≤1.25

AND

elecomwrc-1167gst2aMatch-

Node

elecomwrc-1167gst2h_firmwareRange≤1.25

AND

elecomwrc-1167gst2hMatch-

Node

elecomwrc-2533gs2-b_firmwareRange≤1.52

AND

elecomwrc-2533gs2-bMatch-

Node

elecomwrc-2533gs2-w_firmwareRange≤1.52

AND

elecomwrc-2533gs2-wMatch-

Node

elecomwrc-1750gs_firmwareRange≤1.03

AND

elecomwrc-1750gsMatch-

Node

elecomwrc-1750gsv_firmwareRange≤2.11

AND

elecomwrc-1750gsvMatch-

Node

elecomwrc-1900gst_firmwareRange≤1.03

AND

elecomwrc-1900gstMatch-

Node

elecomwrc-2533gst_firmwareRange≤1.03

AND

elecomwrc-2533gstMatch-

Node

elecomwrc-2533gst2_firmwareRange≤1.25

AND

elecomwrc-2533gst2Match-

Node

elecomwrc-2533gsta_firmwareRange≤1.03

AND

elecomwrc-2533gstaMatch-

Node

elecomwrc-2533gst2sp_firmwareRange≤1.25

AND

elecomwrc-2533gst2spMatch-

Node

elecomwrc-2533gst2-g_firmwareRange≤1.25

AND

elecomwrc-2533gst2-gMatch-

Node

elecomedwrc-2533gst2_firmwareRange≤1.25

AND

elecomedwrc-2533gst2Match-

VendorProductVersionCPE
elecomwrc-1167gst2_firmware*cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2-cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*
elecomwrc-1167gst2a_firmware*cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2a-cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*
elecomwrc-1167gst2h_firmware*cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*
elecomwrc-1167gst2h-cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-b_firmware*cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-b-cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*
elecomwrc-2533gs2-w_firmware*cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
elecomwrc-2533gs2-w-cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
elecom	wrc-1167gst2_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2_firmware::::::::
elecom	wrc-1167gst2	-	cpe:2.3:h:elecom:wrc-1167gst2:-:::::::*
elecom	wrc-1167gst2a_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2a_firmware::::::::
elecom	wrc-1167gst2a	-	cpe:2.3:h:elecom:wrc-1167gst2a:-:::::::*
elecom	wrc-1167gst2h_firmware	*	cpe:2.3:o:elecom:wrc-1167gst2h_firmware::::::::
elecom	wrc-1167gst2h	-	cpe:2.3:h:elecom:wrc-1167gst2h:-:::::::*
elecom	wrc-2533gs2-b_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-b_firmware::::::::
elecom	wrc-2533gs2-b	-	cpe:2.3:h:elecom:wrc-2533gs2-b:-:::::::*
elecom	wrc-2533gs2-w_firmware	*	cpe:2.3:o:elecom:wrc-2533gs2-w_firmware::::::::
elecom	wrc-2533gs2-w	-	cpe:2.3:h:elecom:wrc-2533gs2-w:-:::::::*

Rows per page:

1-10 of 281

References

jvn.jp/en/jp/JVN88993473/index.html

www.elecom.co.jp/news/security/20211130-01/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.2%

JSON

Related for NVD:CVE-2021-20860

cvelist1 cve1 prion1 jvn1