CVE-2021-20860
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a remote authenticated attacker to hijack the authentication of an administrator via a specially crafted page.
Affected (14)
Products: Elecom: Wrc 1167gst2 Firmware, Wrc 1167gst2a Firmware, Wrc 1167gst2h Firmware, Wrc 2533gs2 B Firmware, Wrc 2533gs2 W Firmware, Wrc 1750gs Firmware, Wrc 1750gsv Firmware, Wrc 1900gst Firmware, Wrc 2533gst Firmware, Wrc 2533gst2 Firmware, Wrc 2533gsta Firmware, Wrc 2533gst2sp Firmware, Wrc 2533gst2 G Firmware, Edwrc 2533gst2 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1167gst2 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1167gst2a | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1167gst2h | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.52 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gs2 B | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.52 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gs2 W | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1750gs | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 2.11 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1750gsv | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1900gst | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst2 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gsta | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst2sp | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst2 G | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Edwrc 2533gst2 | All versions |