Published: 2020/10/05 Last Updated: 2020/10/05
JVN#82892096
OS command injection vulnerability in multiple ELECOM LAN routers
Overview
Multiple ELECOM LAN routers contain an OS command injection vulnerability.
Products Affected
- WRC-2533GST2 firmware versions prior to v1.14
- WRC-1900GST2 firmware versions prior to v1.14
- WRC-1750GST2 firmware versions prior to v1.14
- WRC-1167GST2 firmware versions prior to v1.10
Description
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain an OS command injection vulnerability (CWE-78).
Impact
A remote attacker who can access the management screen of the affected device may execute an arbitrary OS command with root privilege.
Solution
Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
ELECOM CO.,LTD. | Vulnerable | 2020/10/05 | ELECOM CO.,LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
CVSS v3
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score: 8.8
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | | |
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | | |
Scope(S) | Unchanged (U) | Changed (C) | | |
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) | |
CVSS v2
AV:A/AC:L/Au:N/C:P/I:P/A:P
Base Score: 5.8
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
Authentication(Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Credit
Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
CVE | CVE-2020-5634 |
JVN iPedia | JVNDB-2020-000067 |