Published:2021/11/30  Last Updated:2022/03/30

JVN#88993473
Multiple vulnerabilities in multiple ELECOM LAN routers

Overview

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.

Products Affected

CVE-2021-20852, CVE-2021-20853, CVE-2021-20854, CVE-2021-20855, CVE-2021-20856

  • WRH-733GBK firmware v1.02.9 and earlier
  • WRH-733GWH firmware v1.02.9 and earlier
CVE-2021-20857, CVE-2021-20858
  • WRC-2533GHBK-I firmware v1.20 and earlier
CVE-2021-20859, CVE-2021-20860, CVE-2021-20861, CVE-2022-25915
  • WRC-1167GST2 firmware v1.25 and earlier
  • WRC-1167GST2A firmware v1.25 and earlier
  • WRC-1167GST2H firmware v1.25 and earlier
  • WRC-2533GS2-B firmware v1.52 and earlier
  • WRC-2533GS2-W firmware v1.52 and earlier
  • WRC-1750GS firmware v1.03 and earlier
  • WRC-1750GSV firmware v2.11 and earlier
  • WRC-1900GST firmware v1.03 and earlier
  • WRC-2533GST firmware v1.03 and earlier
  • WRC-2533GSTA firmware v1.03 and earlier
  • WRC-2533GST2 firmware v1.25 and earlier
  • WRC-2533GST2SP firmware v1.25 and earlier
  • WRC-2533GST2-G firmware v1.25 and earlier
  • EDWRC-2533GST2 firmware v1.25 and earlier
  • WRC-1167GS2-B firmware v1.65 and earlier
  • WRC-1167GS2H-B firmware v1.65 and earlier
  • WMC-DLGST2-W firmware v1.24 and earlier
  • WMC-M1267GST2-W firmware v1.24 and earlier
  • WMC-2HC-W firmware v1.24 and earlier
  • WMC-C2533GST-W firmware v1.24 and earlier
  • WRC-1900GST2 firmware v1.15 and earlier
  • WRC-1900GST2SP firmware v1.15 and earlier
  • WRC-1750GST2 firmware v1.14 and earlier

Description

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Buffer overflow (CWE-121) - CVE-2021-20852
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • Cross-site scripting (CWE-79) - CVE-2021-20857
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Cross-site scripting (CWE-79) - CVE-2021-20858
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • OS command injection (CWE-78) - CVE-2021-20859
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0
    CVSS v2 AV:A/AC:L/Au:S/C:C/I:C/A:C Base Score: 7.7
  • Cross-site request forgery (CWE-352) - CVE-2021-20860
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:P Base Score: 5.1
  • Improper access control (CWE-284) - CVE-2021-20861, CVE-2022-25915
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8

Impact

  • A network-adjacent attacker who can login to the management screen of the product may execute an arbitrary OS command - CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
  • An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20855, CVE-2021-20856, CVE-2021-20857, CVE-2021-20858
  • A network-adjacent attacker who can login to the product may execute an arbitrary OS command - CVE-2021-20859
  • If a user accesses a specially crafted page while logged in, unintended operations may be performed - CVE-2021-20860
  • A network-adjacent attacker may access to the management screen of the product without any authentication - CVE-2021-20861, CVE-2022-25915

Solution

Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
ELECOM CO.,LTD. Vulnerable 2022/03/29 ELECOM CO.,LTD. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20855, CVE-2021-20856
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20857, CVE-2021-20858
Imaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20859, CVE-2021-20860, CVE-2021-20861
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2022-25915
Katsuhiko Sato(a.k.a. goroh_kun) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Update History

2022/02/08
ELECOM CO.,LTD. update status
2022/02/08
Information under the section [Products Affected] was updated.
2022/03/29
ELECOM CO.,LTD. update status
2022/03/29
Information under the sections [Products Affected], [Description], [Impact] and [Credit] was updated.
2022/03/30
Information under the section [Description] was fixed.