Details of VAR-202112-0021

ID

VAR-202112-0021

CVE

CVE-2021-20863

TITLE

Multiple vulnerabilities in ELECOM router

Trust: 0.8

sources: JVNDB: JVNDB-2021-004912

DESCRIPTION

OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors. The following vulnerabilities exist in multiple router products provided by ELECOM Corporation. It was * CSRF Insufficient access restrictions for countermeasure tokens (CWE-284) - CVE-2021-20862 ‥ * OS Command injection (CWE-78) ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-20864 This vulnerability information is from Zero Zero One Co., Ltd. Mr. Katsuhiko Sato (gooh_kun), Hayakawa Soraya Mr Report directly to the product developer, and after coordinating with the product developer, for the purpose of disseminating it to the product user JVN It was announced in.The expected impact depends on each vulnerability, but it may be affected as follows. * Used in the product by a third party on an adjacent network CSRF There is a possibility that the token will be obtained illegally and the settings will be changed. - CVE-2021-20862 ‥ * By a third party who has access to the management screen of the product root Arbitrary with authority OS The command may be executed - CVE-2021-20863 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS The command may be executed - CVE-2021-20864. Elecom Edwrc is a series of routers from Japan's Elecom company. Elecom Edwrc has an operating system command injection vulnerability. The vulnerability originates from the fact that the network system or product does not properly filter special elements in the process of constructing executable commands from external input data of the ELECOM router. Attackers can use this vulnerability to execute illegal commands

Trust: 2.16

sources: NVD: CVE-2021-20863 // JVNDB: JVNDB-2021-004912 // CNVD: CNVD-2021-102397

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-102397

AFFECTED PRODUCTS

vendor:	elecom	model:	wrc-2533gst2-g	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gs2-b	scope:	lte	version:	1.52	Trust: 1.0
vendor:	elecom	model:	edwrc-2533gst2	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-1750gsv	scope:	lte	version:	2.11	Trust: 1.0
vendor:	elecom	model:	wrc-1167gst2	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gs2-w	scope:	lte	version:	1.52	Trust: 1.0
vendor:	elecom	model:	wrc-1167gst2h	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gsta	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	wrc-1900gst	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	wrc-2533gst2	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-1167gst2a	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gst	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	wrc-2533gst2sp	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-1750gs	scope:	lte	version:	1.03	Trust: 1.0
vendor:	エレコム株式会社	model:	wrc-2533gst2-g	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1167gst2h	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1167gst2a	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-2533gs2-b	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-2533gst2sp	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1750gs	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	edwrc-2533gst2	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1900gst	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-2533gst	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1167gs2-b	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1167gst2	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1167gs2h-b	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-2533gs2-w	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-2533gsta	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-1750gsv	scope:	-	version:	-	Trust: 0.8
vendor:	エレコム株式会社	model:	wrc-2533gst2	scope:	-	version:	-	Trust: 0.8
vendor:	elecom	model:	edwrc	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-102397 // JVNDB: JVNDB-2021-004912 // NVD: CVE-2021-20863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20863
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2021-004912
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-102397
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202112-008
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-20863
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-102397
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20863
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-004912
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-102397 // JVNDB: JVNDB-2021-004912 // CNNVD: CNNVD-202112-008 // NVD: CVE-2021-20863

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [ Other ]	Trust: 0.8
problemtype:	Inappropriate access control (CWE-284) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-004912 // NVD: CVE-2021-20863

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-008

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-008

PATCH

title:	wireless LAN Request for firmware update to improve router security	url:	https://www.elecom.co.jp/news/security/20211130-01/	Trust: 0.8
title:	Patch for Elecom Edwrc operating system command injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/310391	Trust: 0.6
title:	Elecom Edwrc Repair measures for operating system command injection vulnerability in operating system	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172671	Trust: 0.6

sources: CNVD: CNVD-2021-102397 // JVNDB: JVNDB-2021-004912 // CNNVD: CNNVD-202112-008

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20863	Trust: 3.0
db:	JVN	id:	JVNVU94527926	Trust: 2.4
db:	JVNDB	id:	JVNDB-2021-004912	Trust: 1.4
db:	CNVD	id:	CNVD-2021-102397	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-008	Trust: 0.6

sources: CNVD: CNVD-2021-102397 // JVNDB: JVNDB-2021-004912 // CNNVD: CNNVD-202112-008 // NVD: CVE-2021-20863

REFERENCES

url:	https://jvn.jp/en/vu/jvnvu94527926/index.html	Trust: 1.6
url:	https://www.elecom.co.jp/news/security/20211130-01/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20863	Trust: 1.2
url:	https://jvn.jp/vu/jvnvu94527926/	Trust: 0.8
url:	https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-004912.html	Trust: 0.6

sources: CNVD: CNVD-2021-102397 // JVNDB: JVNDB-2021-004912 // CNNVD: CNNVD-202112-008 // NVD: CVE-2021-20863

SOURCES

db:	CNVD	id:	CNVD-2021-102397
db:	JVNDB	id:	JVNDB-2021-004912
db:	CNNVD	id:	CNNVD-202112-008
db:	NVD	id:	CVE-2021-20863

LAST UPDATE DATE

2024-08-14T13:43:09.267000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-102397	date:	2021-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-004912	date:	2022-03-30T06:03:00
db:	CNNVD	id:	CNNVD-202112-008	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-20863	date:	2021-12-02T16:35:06.923

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-102397	date:	2021-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004912	date:	2021-12-02T00:00:00
db:	CNNVD	id:	CNNVD-202112-008	date:	2021-12-01T00:00:00
db:	NVD	id:	CVE-2021-20863	date:	2021-12-01T03:15:07.223