CVE-2022-25915
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.
Affected (23)
Products: Elecom: Wrc 1167gst2 Firmware, Wrc 1167gst2a Firmware, Wrc 1167gst2h Firmware, Wrc 2533gs2 B Firmware, Wrc 2533gs2 W Firmware, Wrc 1750gs Firmware, Wrc 1750gsv Firmware, Wrc 1900gst Firmware, Wrc 2533gst Firmware, Wrc 2533gst2 Firmware, Wrc 2533gsta Firmware, Wrc 2533gst2sp Firmware, Wrc 2533gst2 G Firmware, Edwrc 2533gst2 Firmware, Wrc 1167gs2 B Firmware, Wrc 1167gs2h B Firmware, Wmc Dlgst2 W Firmware, Wmc M1267gst2 W Firmware, Wmc 2hc W Firmware, Wmc C2533gst W Firmware, Wrc 1900gst2 Firmware, Wrc 1900gst2sp Firmware, Wrc 1750gst2 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1167gst2 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1167gst2a | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1167gst2h | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.52 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gs2 B | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.52 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gs2 W | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.03 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1750gs | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 2.11 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1750gsv | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.03 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1900gst | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.03 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gst | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gst2 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.03 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gsta | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gst2sp | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 2533gst2 G | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.25 |
| Running on/with | Platform Versions |
|---|---|
Elecom Edwrc 2533gst2 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.65 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1167gs2 B | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.65 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1167gs2h B | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.24 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wmc Dlgst2 W | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.24 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wmc M1267gst2 W | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.24 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wmc 2hc W | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.24 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wmc C2533gst W | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.15 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1900gst2 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.15 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1900gst2sp | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 1.14 |
| Running on/with | Platform Versions |
|---|---|
Elecom Wrc 1750gst2 | All versions |
References (4)
Source: vultures@jpcert.or.jp
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline
No history available yet.