Hidden Functionality Vulnerability in ELECOM LAN Routers
CVE-2022-21173

8.8HIGH

Key Information:

Vendor: Elecom Co.,ltd.
Status: Elecom Lan Routers
Vendor: CVE Published:; 8 February 2022

Summary

A vulnerability in certain ELECOM LAN routers allows an attacker on the same network to exploit hidden functionality, enabling the execution of arbitrary operating system commands. This can occur through unspecified vectors, putting affected devices at risk of unauthorized access and control. Firmware versions v1.05 and earlier for multiple router models are susceptible, underscoring the importance of maintaining updated security measures to protect network integrity.

Affected Version(s)

ELECOM LAN routers WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier

References

https://www.elecom.co.jp/news/security/20220208-02/

x_refsource_MISC

https://jvn.jp/en/jp/JVN17482543/index.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 8, 2022
Vulnerability Reserved
Feb 1, 2022