Improper Access Control in ELECOM LAN Routers
CVE-2022-25915

8.8HIGH

Key Information:

Vendor: Elecom Co.,ltd.
Status: Elecom Lan Routers
Vendor: CVE Published:; 31 March 2022

Summary

An improper access control vulnerability exists in ELECOM LAN routers that allows an authenticated attacker on the network to bypass access restrictions. This vulnerability potentially enables an attacker to access the management interface of the devices via unspecified vectors, posing risks to network integrity and user data.

Affected Version(s)

ELECOM LAN routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior

References

https://www.elecom.co.jp/news/security/20211130-01/

x_refsource_MISC

https://jvn.jp/en/jp/JVN88993473/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2022
Vulnerability Reserved
Mar 10, 2022