CVE-2022-21173

Published: Feb 8, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.

Affected (8)

Products: Elecom: Wrh 300bk3 Firmware, Wrh 300wh3 Firmware, Wrh 300bk3 S Firmware, Wrh 300wh3 S Firmware, Wrh 300lb3 S Firmware, Wrh 300pn3 S Firmware, Wrh 300yg3 S Firmware, Wrh 300dr3 S Firmware

Elecom

8 products

Wrh 300bk3 Firmware

Wrh 300wh3 Firmware

Wrh 300bk3 S Firmware

Wrh 300wh3 S Firmware

Wrh 300lb3 S Firmware

Wrh 300pn3 S Firmware

Wrh 300yg3 S Firmware

Wrh 300dr3 S Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300bk3 Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300bk3	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300wh3 Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300wh3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300bk3 S Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300bk3 S	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300wh3 S Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300wh3 S	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300lb3 S Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300lb3 S	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300pn3 S Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300pn3 S	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300yg3 S Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300yg3 S	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elecom Wrh 300dr3 S Firmware	Up to 1.05

Running on/with	Platform Versions
Elecom Wrh 300dr3 S	All versions

References (4)

https://jvn.jp/en/jp/JVN17482543/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.elecom.co.jp/news/security/20220208-02/

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN17482543/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.elecom.co.jp/news/security/20220208-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.