Details of VAR-202112-0023

ID

VAR-202112-0023

CVE

CVE-2021-20861

TITLE

elecom lan routers access control error vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-95485

DESCRIPTION

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom. Elecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector

Trust: 1.44

sources: NVD: CVE-2021-20861 // CNVD: CNVD-2021-95485

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-95485

AFFECTED PRODUCTS

vendor:	elecom	model:	wrc-2533gst2-g	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gs2-b	scope:	lte	version:	1.52	Trust: 1.0
vendor:	elecom	model:	edwrc-2533gst2	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-1750gsv	scope:	lte	version:	2.11	Trust: 1.0
vendor:	elecom	model:	wrc-1167gst2	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gs2-w	scope:	lte	version:	1.52	Trust: 1.0
vendor:	elecom	model:	wrc-1167gst2h	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gsta	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	wrc-1900gst	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	wrc-2533gst2	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-1167gst2a	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-2533gst	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	wrc-2533gst2sp	scope:	lte	version:	1.25	Trust: 1.0
vendor:	elecom	model:	wrc-1750gs	scope:	lte	version:	1.03	Trust: 1.0
vendor:	elecom	model:	lan routers <=wrc-1167gst2	scope:	eq	version:	v1.25	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-1167gst2a	scope:	eq	version:	v1.25	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-1167gst2h	scope:	eq	version:	v1.25	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gs2-b	scope:	eq	version:	v1.52	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gs2-w	scope:	eq	version:	v1.52	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-1750gs	scope:	eq	version:	v1.03	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-1750gsv	scope:	eq	version:	v2.11	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-1900gst	scope:	eq	version:	v1.03	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gst	scope:	eq	version:	v1.03	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gsta	scope:	eq	version:	v1.03	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gst2	scope:	eq	version:	v1.25	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gst2sp	scope:	eq	version:	v1.25	Trust: 0.6
vendor:	elecom	model:	lan routers <=wrc-2533gst2-g	scope:	eq	version:	v1.25	Trust: 0.6
vendor:	elecom	model:	lan routers <=edwrc-2533gst2	scope:	eq	version:	v1.25	Trust: 0.6

sources: CNVD: CNVD-2021-95485 // NVD: CVE-2021-20861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-20861
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-95485
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202111-2334
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-20861
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2021-95485
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-20861
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-95485 // CNNVD: CNNVD-202111-2334 // NVD: CVE-2021-20861

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2021-20861

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202111-2334

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202111-2334

PATCH

title:	Patch for elecom lan routers access control error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/303631	Trust: 0.6
title:	elecom lan Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172659	Trust: 0.6

sources: CNVD: CNVD-2021-95485 // CNNVD: CNNVD-202111-2334

EXTERNAL IDS

db:	NVD	id:	CVE-2021-20861	Trust: 2.2
db:	JVN	id:	JVN88993473	Trust: 1.6
db:	CS-HELP	id:	SB2021113005	Trust: 1.2
db:	CNVD	id:	CNVD-2021-95485	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-2334	Trust: 0.6

sources: CNVD: CNVD-2021-95485 // CNNVD: CNNVD-202111-2334 // NVD: CVE-2021-20861

REFERENCES

url:	https://jvn.jp/en/jp/jvn88993473/index.html	Trust: 1.6
url:	https://www.elecom.co.jp/news/security/20211130-01/	Trust: 1.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021113005	Trust: 1.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20861	Trust: 0.6

sources: CNVD: CNVD-2021-95485 // CNNVD: CNNVD-202111-2334 // NVD: CVE-2021-20861

SOURCES

db:	CNVD	id:	CNVD-2021-95485
db:	CNNVD	id:	CNNVD-202111-2334
db:	NVD	id:	CVE-2021-20861

LAST UPDATE DATE

2024-08-14T13:22:35.257000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-95485	date:	2021-12-09T00:00:00
db:	CNNVD	id:	CNNVD-202111-2334	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2021-20861	date:	2022-06-28T14:11:45.273

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-95485	date:	2021-12-09T00:00:00
db:	CNNVD	id:	CNNVD-202111-2334	date:	2021-11-30T00:00:00
db:	NVD	id:	CVE-2021-20861	date:	2021-12-01T03:15:07.130