Published: 2020/10/05  Last Updated: 2020/10/05

JVN#82892096
OS command injection vulnerability in multiple ELECOM LAN routers

Overview

Multiple ELECOM LAN routers contain an OS command injection vulnerability.

Products Affected

  • WRC-2533GST2 firmware versions prior to v1.14
  • WRC-1900GST2 firmware versions prior to v1.14
  • WRC-1750GST2 firmware versions prior to v1.14
  • WRC-1167GST2 firmware versions prior to v1.10

Description

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability (CWE-78).

Impact

A remote attacker who can access the management screen of the affected device may execute arbitrary OS commands with root privileges. The JPCERT/CC CVSS v3 vector (PR:N, UI:N) indicates that no credentials and no user interaction are required once the management screen is reachable.
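The advisory does not say which page or parameter of the management screen is affected, only that the flaw is CWE-78 and that commands run as root. The following is an added illustration of that weakness class, not ELECOM's firmware code: a hypothetical "diagnostic ping" CGI handler that splices a form field into a shell command, shown next to a hardened version that validates the value and builds an argv for execv()-style invocation so no shell interprets it. The endpoint, the "host" parameter name and the sample inputs are all constructed for this example.

```c
/*
 * Generic CWE-78 illustration for an embedded-router management CGI.
 * This is an added example, NOT the affected ELECOM firmware code; the
 * advisory does not say which form or parameter is vulnerable. The
 * "diagnostic ping" endpoint and the "host" parameter are assumptions.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable pattern: splice an untrusted form field into a command line
 * that will be handed to system() (i.e. /bin/sh -c). Because management
 * CGIs on consumer routers typically run as root, ";", "|", "`" or "$("
 * in the field give the attacker a root shell command.
 * Returns 0 on success, -1 if the buffer is too small.
 */
int build_ping_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 3 %s", host);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/*
 * Allowlist check: the value may only contain [A-Za-z0-9.-]; a leading
 * '-' is rejected so the value cannot be parsed as a ping option.
 * Returns 1 if acceptable, 0 otherwise.
 */
int is_safe_host(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/*
 * Hardened pattern: validate, then build an argv for execv()-style
 * invocation so no shell ever interprets the value. Even if validation
 * were bypassed, the host is a single argv element and cannot become a
 * second command. Returns 0 on success, -1 if host is rejected.
 */
int build_ping_argv_hardened(const char *host, const char *argv[5])
{
    if (!is_safe_host(host))
        return -1;
    argv[0] = "/bin/ping";
    argv[1] = "-c";
    argv[2] = "3";
    argv[3] = host;
    argv[4] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample input: a benign host and an injection attempt. */
    const char *inputs[] = { "192.0.2.1", "192.0.2.1; cat /etc/shadow" };
    char cmd[256];
    const char *argv[5];

    for (size_t i = 0; i < 2; i++) {
        if (build_ping_cmd_vulnerable(inputs[i], cmd, sizeof cmd) == 0)
            printf("vulnerable would run via sh -c: %s\n", cmd);
        if (build_ping_argv_hardened(inputs[i], argv) == 0)
            printf("hardened would execv: %s %s %s %s\n",
                   argv[0], argv[1], argv[2], argv[3]);
        else
            printf("hardened rejected: %s\n", inputs[i]);
    }
    return 0;
}
```

Neither function executes anything; the vulnerable builder only shows the string that would reach /bin/sh -c, which is enough to see why a single ';' in a form field becomes a root command. The two defences in the hardened path are independent: the allowlist stops the obvious metacharacters, and the argv construction means that even a value that slips past validation is still one argument to ping rather than shell syntax.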

Solution

Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.

Vendor Status

Vendor           Status      Last Update   Vendor Notes
ELECOM CO.,LTD.  Vulnerable  2020/10/05    ELECOM CO.,LTD. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3  CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 8.8
  Attack Vector (AV):          Adjacent (A)
  Attack Complexity (AC):      Low (L)
  Privileges Required (PR):    None (N)
  User Interaction (UI):       None (N)
  Scope (S):                   Unchanged (U)
  Confidentiality Impact (C):  High (H)
  Integrity Impact (I):        High (H)
  Availability Impact (A):     High (H)
CVSS v2  AV:A/AC:L/Au:N/C:P/I:P/A:P
Base Score: 5.8
  Access Vector (AV):          Adjacent Network (A)
  Access Complexity (AC):      Low (L)
  Authentication (Au):         None (N)
  Confidentiality Impact (C):  Partial (P)
  Integrity Impact (I):        Partial (P)
  Availability Impact (A):     Partial (P)

Credit

Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE CVE-2020-5634
JVN iPedia JVNDB-2020-000067