CVE-2021-20862
CVSS base score: 4.3
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD
Description
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product's settings via unspecified vectors.
Affected (14)
Products: Elecom: Wrc 1167gst2 Firmware, Wrc 1167gst2a Firmware, Wrc 1167gst2h Firmware, Wrc 2533gs2 B Firmware, Wrc 2533gs2 W Firmware, Wrc 1750gs Firmware, Wrc 1750gsv Firmware, Wrc 1900gst Firmware, Wrc 2533gst Firmware, Wrc 2533gst2 Firmware, Wrc 2533gsta Firmware, Wrc 2533gst2sp Firmware, Wrc 2533gst2 G Firmware, Edwrc 2533gst2 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 1167gst2 Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1167gst2 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 1167gst2a Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1167gst2a | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 1167gst2h Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1167gst2h | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gs2 B Firmware | Up to 1.52 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gs2 B | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gs2 W Firmware | Up to 1.52 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gs2 W | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 1750gs Firmware | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1750gs | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 1750gsv Firmware | Up to 2.11 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1750gsv | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 1900gst Firmware | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 1900gst | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gst Firmware | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gst2 Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst2 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gsta Firmware | Up to 1.03 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gsta | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gst2sp Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst2sp | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Wrc 2533gst2 G Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Wrc 2533gst2 G | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Elecom Edwrc 2533gst2 Firmware | Up to 1.25 |

| Running on/with | Platform Versions |
|---|---|
| Elecom Edwrc 2533gst2 | All versions |