Arbitrary Script Execution Vulnerability in ELECOM Wireless Router
CVE-2021-20644

6.1MEDIUM

Key Information:

Vendor: Elecom Co.,ltd.
Status: Wrc-1467ghbk-a
Vendor: CVE Published:; 12 February 2021

🔔 Create Elecom Co.,ltd. Vulnerability Alert

What is CVE-2021-20644?

The ELECOM WRC-1467GHBK-A wireless router contains a vulnerability that permits arbitrary scripts to be executed in the user's web browser. This occurs due to the device's ability to display specially crafted SSIDs on its web setup page, which can lead to unintended script execution. Users may unwittingly expose themselves to security risks if they have a compromised SSID. It is essential to apply security best practices and stay informed about updates related to this vulnerability.

Affected Version(s)

WRC-1467GHBK-A WRC-1467GHBK-A

References

https://www.elecom.co.jp/news/security/20210126-01/

x_refsource_MISC

https://jvn.jp/en/jp/JVN47580234/index.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2021
Vulnerability Reserved
Dec 17, 2020