JVN#88993473
Multiple vulnerabilities in multiple ELECOM LAN routers
Overview
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.
Products Affected
CVE-2021-20852, CVE-2021-20853, CVE-2021-20854, CVE-2021-20855, CVE-2021-20856
- WRH-733GBK firmware v1.02.9 and earlier
- WRH-733GWH firmware v1.02.9 and earlier
- WRC-2533GHBK-I firmware v1.20 and earlier
- WRC-1167GST2 firmware v1.25 and earlier
- WRC-1167GST2A firmware v1.25 and earlier
- WRC-1167GST2H firmware v1.25 and earlier
- WRC-2533GS2-B firmware v1.52 and earlier
- WRC-2533GS2-W firmware v1.52 and earlier
- WRC-1750GS firmware v1.03 and earlier
- WRC-1750GSV firmware v2.11 and earlier
- WRC-1900GST firmware v1.03 and earlier
- WRC-2533GST firmware v1.03 and earlier
- WRC-2533GSTA firmware v1.03 and earlier
- WRC-2533GST2 firmware v1.25 and earlier
- WRC-2533GST2SP firmware v1.25 and earlier
- WRC-2533GST2-G firmware v1.25 and earlier
- EDWRC-2533GST2 firmware v1.25 and earlier
- WRC-1167GS2-B firmware v1.65 and earlier
- WRC-1167GS2H-B firmware v1.65 and earlier
- WMC-DLGST2-W firmware v1.24 and earlier
- WMC-M1267GST2-W firmware v1.24 and earlier
- WMC-2HC-W firmware v1.24 and earlier
- WMC-C2533GST-W firmware v1.24 and earlier
- WRC-1900GST2 firmware v1.15 and earlier
- WRC-1900GST2SP firmware v1.15 and earlier
- WRC-1750GST2 firmware v1.14 and earlier
Description
Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Buffer overflow (CWE-121) - CVE-2021-20852
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8 CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2 - OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8 CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2 - Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - Cross-site scripting (CWE-79) - CVE-2021-20857
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1 CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6 - Cross-site scripting (CWE-79) - CVE-2021-20858
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4 CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5 - OS command injection (CWE-78) - CVE-2021-20859
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0 CVSS v2 AV:A/AC:L/Au:S/C:C/I:C/A:C Base Score: 7.7 - Cross-site request forgery (CWE-352) - CVE-2021-20860
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 8.8 CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:P Base Score: 5.1 - Improper access control (CWE-284) - CVE-2021-20861, CVE-2022-25915
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8 CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
Impact
- A network-adjacent attacker who can login to the management screen of the product may execute an arbitrary OS command - CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
- An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20855, CVE-2021-20856, CVE-2021-20857, CVE-2021-20858
- A network-adjacent attacker who can login to the product may execute an arbitrary OS command - CVE-2021-20859
- If a user accesses a specially crafted page while logged in, unintended operations may be performed - CVE-2021-20860
- A network-adjacent attacker may access to the management screen of the product without any authentication - CVE-2021-20861, CVE-2022-25915
Solution
Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| ELECOM CO.,LTD. | Vulnerable | 2022/03/29 | ELECOM CO.,LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20855, CVE-2021-20856
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20857, CVE-2021-20858
Imaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20859, CVE-2021-20860, CVE-2021-20861
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2022-25915
Katsuhiko Sato(a.k.a. goroh_kun) reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2021-20852 |
|
CVE-2021-20853 |
|
|
CVE-2021-20854 |
|
|
CVE-2021-20855 |
|
|
CVE-2021-20856 |
|
|
CVE-2021-20857 |
|
|
CVE-2021-20858 |
|
|
CVE-2021-20859 |
|
|
CVE-2021-20860 |
|
|
CVE-2021-20861 |
|
|
CVE-2022-25915 |
|
| JVN iPedia |
JVNDB-2021-000108 |
Update History
- 2022/02/08
- ELECOM CO.,LTD. update status
- 2022/02/08
- Information under the section [Products Affected] was updated.
- 2022/03/29
- ELECOM CO.,LTD. update status
- 2022/03/29
- Information under the sections [Products Affected], [Description], [Impact] and [Credit] was updated.
- 2022/03/30
- Information under the section [Description] was fixed.