Remote Code Execution Vulnerability in ELECOM LAN Routers
CVE-2020-5634

8.8HIGH

Key Information:

Vendor: Elecom Co.,ltd.
Status: Elecom Lan Routers
Vendor: CVE Published:; 6 October 2020

Summary

ELECOM LAN routers are susceptible to a security vulnerability that permits an attacker situated on the same network segment to execute arbitrary operating system commands with root privileges. This exploitation can occur through undisclosed vectors, posing a significant risk to device integrity and confidentiality. Users are advised to upgrade their firmware to the latest versions to mitigate potential threats.

Affected Version(s)

ELECOM LAN routers WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10

References

https://www.elecom.co.jp/news/security/20201005-01/

x_refsource_MISC

https://jvn.jp/en/jp/JVN82892096/index.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2020
Vulnerability Reserved
Jan 6, 2020