Published:2021/11/30 Last Updated:2022/03/29
JVNVU#94527926
Multiple vulnerabilities in multiple ELECOM routers
Overview
Multiple ELECOM routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.
Products Affected
- WRC-1167GST2 firmware v1.25 and earlier
- WRC-1167GST2A firmware v1.25 and earlier
- WRC-1167GST2H firmware v1.25 and earlier
- WRC-2533GS2-B firmware v1.52 and earlier
- WRC-2533GS2-W firmware v1.52 and earlier
- WRC-1750GS firmware v1.03 and earlier
- WRC-1750GSV firmware v2.11 and earlier
- WRC-1900GST firmware v1.03 and earlier
- WRC-2533GST firmware v1.03 and earlier
- WRC-2533GSTA firmware v1.03 and earlier
- WRC-2533GST2 firmware v1.25 and earlier
- WRC-2533GST2SP firmware v1.25 and earlier
- WRC-2533GST2-G firmware v1.25 and earlier
- EDWRC-2533GST2 firmware v1.25 and earlier
- WRC-1167GS2-B firmware v1.65 and earlier
- WRC-1167GS2H-B firmware v1.65 and earlier
- WMC-DLGST2-W firmware v1.24 and earlier
- WMC-M1267GST2-W firmware v1.24 and earlier
- WMC-2HC-W firmware v1.24 and earlier
- WMC-C2533GST-W firmware v1.24 and earlier
- WRC-1900GST2 firmware v1.15 and earlier
- WRC-1900GST2SP firmware v1.15 and earlier
- WRC-1750GST2 firmware v1.14 and earlier
Description
Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
- Improper access control leading to anti-CSRF tokens disclosure (CWE-284) - CVE-2021-20862
  CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Base Score: 5.4
- OS command injection (CWE-78) - CVE-2021-20863
  CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
- Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20864
  CVSS v3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 7.5
Impact
- A network-adjacent unauthenticated attacker may obtain anti-CSRF tokens and change the product's settings - CVE-2021-20862
- An attacker who can log in to the management screen may execute arbitrary OS commands with the root privilege - CVE-2021-20863
- A network-adjacent unauthenticated attacker may start the telnet service and execute arbitrary OS commands with the root privilege - CVE-2021-20864
Solution
Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.
The developer has released fixed versions listed below.
- WRC-1167GST2 firmware v1.27
- WRC-1167GST2A firmware v1.27
- WRC-1167GST2H firmware v1.27
- WRC-2533GS2-B firmware v1.61
- WRC-2533GS2-W firmware v1.61
- WRC-1750GS firmware v1.06
- WRC-1750GSV firmware v2.30
- WRC-1900GST firmware v1.06
- WRC-2533GST firmware v1.06
- WRC-2533GSTA firmware v1.06
- WRC-2533GST2 firmware v1.27
- WRC-2533GST2SP firmware v1.27
- WRC-2533GST2-G firmware v1.27
- EDWRC-2533GST2 firmware v1.27
- WRC-1167GS2-B firmware v1.66
- WRC-1167GS2H-B firmware v1.66
- WMC-DLGST2-W firmware v1.25
- WMC-M1267GST2-W firmware v1.25
- WMC-2HC-W firmware v1.25
- WMC-C2533GST-W firmware v1.25
- WRC-1900GST2 firmware v1.16
- WRC-1900GST2SP firmware v1.16
- WRC-1750GST2 firmware v1.15
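The two version lists above are the practical content of this advisory: a device needs the update if its firmware is at or below the listed affected version and has not yet reached the listed fixed version. The script below is an added example (not ELECOM's or JPCERT/CC's code) that encodes both lists from this page and classifies a model/version pair. It compares versions as dotted integer tuples rather than as floating-point numbers, because a naive float comparison orders "1.3" above "1.25" while firmware numbering orders it below; the "1.3" value is a hypothetical input used only to illustrate that pitfall, and the "unverified" result for versions that fall between the two listed numbers is this example's own conservative policy, not a statement from the advisory.

```python
"""Affected-version check for JVNVU#94527926 (ELECOM routers).

Added example, not vendor or JPCERT/CC code. The model table is transcribed
from the advisory's [Products Affected] and [Solution] sections.
"""
import re
from typing import Dict, Tuple

# model -> (highest version listed as affected, first version listed as fixed)
ADVISORY: Dict[str, Tuple[str, str]] = {
    "WRC-1167GST2":    ("1.25", "1.27"),
    "WRC-1167GST2A":   ("1.25", "1.27"),
    "WRC-1167GST2H":   ("1.25", "1.27"),
    "WRC-2533GS2-B":   ("1.52", "1.61"),
    "WRC-2533GS2-W":   ("1.52", "1.61"),
    "WRC-1750GS":      ("1.03", "1.06"),
    "WRC-1750GSV":     ("2.11", "2.30"),
    "WRC-1900GST":     ("1.03", "1.06"),
    "WRC-2533GST":     ("1.03", "1.06"),
    "WRC-2533GSTA":    ("1.03", "1.06"),
    "WRC-2533GST2":    ("1.25", "1.27"),
    "WRC-2533GST2SP":  ("1.25", "1.27"),
    "WRC-2533GST2-G":  ("1.25", "1.27"),
    "EDWRC-2533GST2":  ("1.25", "1.27"),
    "WRC-1167GS2-B":   ("1.65", "1.66"),
    "WRC-1167GS2H-B":  ("1.65", "1.66"),
    "WMC-DLGST2-W":    ("1.24", "1.25"),
    "WMC-M1267GST2-W": ("1.24", "1.25"),
    "WMC-2HC-W":       ("1.24", "1.25"),
    "WMC-C2533GST-W":  ("1.24", "1.25"),
    "WRC-1900GST2":    ("1.15", "1.16"),
    "WRC-1900GST2SP":  ("1.15", "1.16"),
    "WRC-1750GST2":    ("1.14", "1.15"),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn 'v1.25' into (1, 25).

    Dotted components are compared as integers, so (1, 25) > (1, 3),
    which matches firmware numbering. float('1.25') < float('1.3') would
    silently get that ordering wrong.
    """
    text = version.strip().lower()
    if text.startswith("v"):
        text = text[1:]
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return tuple(int(part) for part in text.split("."))


def status(model: str, version: str) -> str:
    """Classify a model/version pair against the advisory.

    'affected'      : at or below the highest version the advisory lists as affected
    'fixed'         : at or above the version the advisory lists as fixed
    'unverified'    : between the two listed versions (not covered by the advisory
                      text; this example treats it as needing an update)
    'unknown-model' : model string not in the advisory
    """
    key = model.strip().upper()
    if key not in ADVISORY:
        return "unknown-model"
    last_affected, first_fixed = ADVISORY[key]
    current = parse_version(version)
    if current <= parse_version(last_affected):
        return "affected"
    if current >= parse_version(first_fixed):
        return "fixed"
    return "unverified"


def needs_update(model: str, version: str) -> bool:
    """True unless the firmware is confirmed to be at or above the fixed version."""
    return status(model, version) != "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, e.g. pulled from a network asset list.
    inventory = [("WRC-1167GST2", "v1.25"), ("WRC-1750GSV", "2.30"),
                 ("WRC-1750GSV", "2.20"), ("wrc-2533gs2-b", "v1.61")]
    for model, version in inventory:
        print(f"{model:16s} {version:6s} -> {status(model, version)}")
```

The model lookup is case-insensitive because labels on the device and entries in asset inventories are often inconsistently cased. Anything that is not a clean "fixed" result should be treated as a device to patch, including the "unverified" gap between the two listed versions.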
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
ELECOM CO.,LTD. | Vulnerable | 2022/03/29 | ELECOM CO.,LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Chuya Hayakawa and Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.
Other Information
CVE
- CVE-2021-20862
- CVE-2021-20863
- CVE-2021-20864
Update History
- 2022/02/08
- ELECOM CO.,LTD. update status
- 2022/02/08
- Information under the section [Products Affected] and [Solution] was updated. The typos under the section [Credit] were fixed.
- 2022/03/29
- ELECOM CO.,LTD. update status
- 2022/03/29
- Information under the sections [Products Affected] and [Solution] was updated.