Published:2021/11/30  Last Updated:2021/11/30

JVN#88993473
Multiple vulnerabilities in multiple ELECOM LAN routers

Overview

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.

Products Affected

CVE-2021-20852, CVE-2021-20853, CVE-2021-20854, CVE-2021-20855, CVE-2021-20856

  • WRH-733GBK firmware v1.02.9 and prior
  • WRH-733GWH firmware v1.02.9 and prior
CVE-2021-20857, CVE-2021-20858
  • WRC-2533GHBK-I firmware v1.20 and prior
CVE-2021-20859, CVE-2021-20860, CVE-2021-20861
  • WRC-1167GST2 firmware v1.25 and prior
  • WRC-1167GST2A firmware v1.25 and prior
  • WRC-1167GST2H firmware v1.25 and prior
  • WRC-2533GS2-B firmware v1.52 and prior
  • WRC-2533GS2-W firmware v1.52 and prior
  • WRC-1750GS firmware v1.03 and prior
  • WRC-1750GSV firmware v2.11 and prior
  • WRC-1900GST firmware v1.03 and prior
  • WRC-2533GST firmware v1.03 and prior
  • WRC-2533GSTA firmware v1.03 and prior
  • WRC-2533GST2 firmware v1.25 and prior
  • WRC-2533GST2SP firmware v1.25 and prior
  • WRC-2533GST2-G firmware v1.25 and prior
  • EDWRC-2533GST2 firmware v1.25 and prior

Description

Multiple ELECOM LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Buffer overflow (CWE-121) - CVE-2021-20852
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • OS command injection (CWE-78) - CVE-2021-20853, CVE-2021-20854
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
  • Cross-site scripting (CWE-79) - CVE-2021-20855, CVE-2021-20856
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • Cross-site scripting (CWE-79) - CVE-2021-20857
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Cross-site scripting (CWE-79) - CVE-2021-20858
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score: 5.4
    CVSS v2 AV:N/AC:M/Au:S/C:N/I:P/A:N Base Score: 3.5
  • OS command injection (CWE-78) - CVE-2021-20859
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.0
    CVSS v2 AV:A/AC:L/Au:S/C:C/I:C/A:C Base Score: 7.7
  • Cross-site request forgery (CWE-352) - CVE-2021-20860
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:P Base Score: 5.1
  • Improper access control (CWE-284) - CVE-2021-20861
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.2

Impact

  • A network-adjacent attacker who can login to the management screen of the product may execute an arbitrary OS command - CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
  • An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20855, CVE-2021-20856, CVE-2021-20857, CVE-2021-20858
  • A network-adjacent attacker who can login to the product may execute an arbitrary OS command - CVE-2021-20859
  • If a user accesses a specially crafted page while logged in, unintended operations may be performed - CVE-2021-20860
  • A network-adjacent attacker may access to the management screen of the product without any authentication - CVE-2021-20861

Solution

Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
ELECOM CO.,LTD. Vulnerable 2021/11/30 ELECOM CO.,LTD. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2021-20852, CVE-2021-20853, CVE-2021-20854
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20855, CVE-2021-20856
Tomonori Yamamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20857, CVE-2021-20858
Imaoka Ryo, Imaoka Toshio of Cyber Security Reserach Team reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20859, CVE-2021-20860, CVE-2021-20861
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information