CVE-2021-20861 : Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmwa

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.

Published 2021-12-01 03:15:07

Updated 2022-06-28 14:11:45

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2021-20861

Elecom » Wrc-2533gst2 Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gst2 » Version: N/A
Elecom » Wrc-1167gst2 Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167gst2 » Version: N/A
Elecom » Wrc-1167gst2a Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167gst2a » Version: N/A
Elecom » Wrc-1167gst2h Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1167gst2h » Version: N/A
Elecom » Wrc-2533gs2-b Firmware
Versions up to, including, (<=) 1.52
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gs2-b » Version: N/A
Elecom » Wrc-2533gs2-w Firmware
Versions up to, including, (<=) 1.52
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gs2-w » Version: N/A
Elecom » Wrc-1750gs Firmware
Versions up to, including, (<=) 1.03
cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1750gs » Version: N/A
Elecom » Wrc-1750gsv Firmware
Versions up to, including, (<=) 2.11
cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1750gsv » Version: N/A
Elecom » Wrc-1900gst Firmware
Versions up to, including, (<=) 1.03
cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-1900gst » Version: N/A
Elecom » Wrc-2533gst Firmware
Versions up to, including, (<=) 1.03
cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gst » Version: N/A
Elecom » Wrc-2533gsta Firmware
Versions up to, including, (<=) 1.03
cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gsta » Version: N/A
Elecom » Wrc-2533gst2sp Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gst2sp » Version: N/A
Elecom » Wrc-2533gst2-g Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Wrc-2533gst2-g » Version: N/A
Elecom » Edwrc-2533gst2 Firmware
Versions up to, including, (<=) 1.25
cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Elecom » Edwrc-2533gst2 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-20861

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-20861

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:A/AC:L/Au:N/C:P/I:P/A:P	6.5	6.4	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-20861

https://jvn.jp/en/jp/JVN88993473/index.html

JVN#88993473: Multiple vulnerabilities in multiple ELECOM LAN routers
Third Party Advisory

CVEs referencing this url
https://www.elecom.co.jp/news/security/20211130-01/

無線LANルーターのセキュリティ向上のためのファームウェアアップデートのお願い - 最新情報 - セキュリティ情報｜ELECOM
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-20861

Products affected by CVE-2021-20861

Exploit prediction scoring system (EPSS) score for CVE-2021-20861

CVSS scores for CVE-2021-20861

References for CVE-2021-20861