Published: 2021/07/06  Last Updated: 2021/07/09

JVNVU#94260088
Multiple vulnerabilities in Elecom routers

Overview

Multiple routers provided by ELECOM CO.,LTD. contain information disclosure and OS command injection vulnerabilities.

Products Affected

  • WRC-1167FS-W
  • WRC-1167FS-B
  • WRC-300FEBK
  • WRC-F300NF
  • WRC-733FEBK
  • WRH-300RD
  • WRH-300BK
  • WRH-300SV
  • WRH-300WH
  • WRH-H300WH
  • WRH-H300BK
  • WRC-1167FSA
  • WRH-300BK-S
  • WRH-300WH-S

Description

Multiple routers provided by ELECOM CO.,LTD. contain the vulnerabilities listed below, grouped by affected model.

WRC-1167FS-W, WRC-1167FS-B, WRC-1167FSA

  • Information disclosure (CWE-200) - CVE-2021-20738
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score: 4.3

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, WRH-300WH-S

  • OS command injection (CWE-78) - CVE-2021-20739
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score: 6.3

Impact

  • An unauthenticated attacker on an adjacent network may be able to obtain sensitive information. - CVE-2021-20738
  • An unauthenticated attacker on an adjacent network may be able to execute arbitrary OS commands. - CVE-2021-20739

Solution

Stop using the products
The products listed below are no longer supported. Stop using them and consider switching to alternatives.
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, WRH-300WH-S

Apply a workaround
For WRC-1167FS-W, WRC-1167FS-B and WRC-1167FSA, applying the following workarounds may mitigate the impact of the vulnerability. According to the developer, firmware updates for these products will not be released.

  • Change the password of the product.
  • Do not access unrelated web sites while logged in to the product.
  • Quit the web browser after completing the settings.
  • Delete the password stored in the browser.

Vendor Status

Vendor           | Status     | Last Update | Vendor Notes
ELECOM CO.,LTD.  | Vulnerable | 2021/07/06  | ELECOM CO.,LTD. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa and Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to ELECOM CO.,LTD. and coordinated the disclosure. ELECOM CO.,LTD. and JPCERT/CC published their respective advisories in order to notify users of these vulnerabilities.

Other Information

JPCERT Alert:
JPCERT Reports:
CERT Advisory:
CPNI Advisory:
TRnotes:
CVE: CVE-2021-20738, CVE-2021-20739
JVN iPedia:

Update History

2021/07/09
[Solution] was updated.