Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-20862: Multiple vulnerabilities in multiple ELECOM routers

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to obtain anti-CSRF tokens and change the product’s settings via unspecified vectors.

CVE
#csrf#vulnerability

Published:2021/11/30 Last Updated:2021/11/30

Overview

Multiple ELECOM routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities.

Products Affected

  • WRC-1167GST2 firmware v1.25 and prior
  • WRC-1167GST2A firmware v1.25 and prior
  • WRC-1167GST2H firmware v1.25 and prior
  • WRC-2533GS2-B firmware v1.52 and prior
  • WRC-2533GS2-W firmware v1.52 and prior
  • WRC-1750GS firmware v1.03 and prior
  • WRC-1750GSV firmware v2.11 and prior
  • WRC-1900GST firmware v1.03 and prior
  • WRC-2533GST firmware v1.03 and prior
  • WRC-2533GSTA firmware v1.03 and prior
  • WRC-2533GST2 firmware v1.25 and prior
  • WRC-2533GST2SP firmware v1.25 and prior
  • WRC-2533GST2-G firmware v1.25 and prior
  • EDWRC-2533GST2 firmware v1.25 and prior

Description

Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

  • Improper access control leading to anti-CSRF tokens disclosure (CWE-284) - CVE-2021-20862

    CVSS v3

    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

    Base Score: 5.4

  • OS command injection (CWE-78) - CVE-2021-20863

    CVSS v3

    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    Base Score: 8.8

  • Improper access control leading to unauthorized activation of telnet service (CWE-284) - CVE-2021-20864

    CVSS v3

    CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

    Base Score: 7.5

Impact

  • A network-adjacent unauthenticated attacker may obtain anti-CSRF tokens and change the product’s settings - CVE-2021-20862
  • An attacker who can log in to the management screen may execute arbitrary OS commands with the root privilege - CVE-2021-20863
  • A network-adjacent unauthenticated attacker may start the telnet service and exexute arbitrary OS commands with the root privilege - CVE-2021-20864

Solution

Apply the appropriate firmware update
Apply the appropriate firmware update according to the information provided by the developer.
The developer has released fixed versions listed below.

  • WRC-1167GST2 firmware v1.27
  • WRC-1167GST2A firmware v1.27
  • WRC-1167GST2H firmware v1.27
  • WRC-2533GS2-B firmware v1.61
  • WRC-2533GS2-W firmware v1.61
  • WRC-1750GS firmware v1.06
  • WRC-1750GSV firmware v2.30
  • WRC-1900GST firmware v1.06
  • WRC-2533GST firmware v1.06
  • WRC-2533GSTA firmware v1.06
  • WRC-2533GST2 firmware v1.27
  • WRC-2533GST2SP firmware v1.27
  • WRC-2533GST2-G firmware v1.27
  • EDWRC-2533GST2 firmware v1.27

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Chuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of these vulnerabilities.

Other Information

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907