Improper Access Control in ELECOM Routers
CVE-2021-20862
What is CVE-2021-20862?
An improper access control vulnerability exists in several models of ELECOM routers, allowing an unauthenticated attacker with network access to bypass access restrictions. This can compromise sensitive settings: the attacker can obtain anti-CSRF tokens and alter the configuration of affected devices. The issue affects multiple firmware versions, creating significant risk for users who do not apply the necessary updates.
Affected Version(s)
ELECOM routers:
WRC-1167GST2 firmware v1.25 and prior
WRC-1167GST2A firmware v1.25 and prior
WRC-1167GST2H firmware v1.25 and prior
WRC-2533GS2-B firmware v1.52 and prior
WRC-2533GS2-W firmware v1.52 and prior
WRC-1750GS firmware v1.03 and prior
WRC-1750GSV firmware v2.11 and prior
WRC-1900GST firmware v1.03 and prior
WRC-2533GST firmware v1.03 and prior
WRC-2533GSTA firmware v1.03 and prior
WRC-2533GST2 firmware v1.25 and prior
WRC-2533GST2SP firmware v1.25 and prior
WRC-2533GST2-G firmware v1.25 and prior
EDWRC-2533GST2 firmware v1.25 and prior