
JVNDB-2021-001977

Multiple vulnerabilities in Elecom routers

Overview

Multiple routers provided by ELECOM CO.,LTD. contain information disclosure and OS command injection vulnerabilities.

Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.

WRC-1167FS-W, WRC-1167FS-B, WRC-1167FSA

* Information disclosure (CWE-200) - CVE-2021-20738

WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, WRH-300WH-S

* OS command injection (CWE-78) - CVE-2021-20739

Chuya Hayakawa and Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported these vulnerabilities to ELECOM CO.,LTD. and coordinated the disclosure. ELECOM CO.,LTD. and JPCERT/CC published respective advisories to notify users of these vulnerabilities.
CVSS Severity

CVSS V3 Severity:
Base Metrics: 6.3 (Medium) [IPA Score] (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics: 5.8 (Medium) [NVD Score] (AV:A/AC:L/Au:N/C:P/I:P/A:P)
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20739 (OS command injection).


CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [IPA Score] (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base score has been assigned for CVE-2021-20738 (information disclosure).
Affected Products


ELECOM CO.,LTD.
  • WRC-1167FS-B
  • WRC-1167FS-W
  • WRC-1167FSA
  • WRC-300FEBK firmware
  • WRC-733FEBK firmware
  • WRC-F300NF firmware
  • WRH-300BK firmware
  • WRH-300BK-S firmware
  • WRH-300RD firmware
  • WRH-300SV firmware
  • WRH-300WH firmware
  • WRH-300WH-S firmware
  • WRH-H300BK firmware
  • WRH-H300WH firmware

Impact

* An unauthenticated network-adjacent attacker may obtain sensitive information. - CVE-2021-20738
* An unauthenticated network-adjacent attacker can execute arbitrary OS commands. - CVE-2021-20739
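The advisory names the weakness class (CWE-78) but not the injection point in the affected firmware. As an added illustration that is not ELECOM's code, the C below shows the generic pattern in a router-style CGI handler: a `ping` diagnostic that splices a `host` parameter into a shell command line, next to a hardened form that validates the parameter as an IPv4 address and executes the binary through an argv vector with no shell. The handler, the parameter name and the `ping` command are assumptions for the example.

```c
/* Added illustration of the CWE-78 pattern named in this advisory.
 * This is NOT ELECOM firmware code: the CGI handler, the "host"
 * parameter and the ping command are assumed for the example. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
#include <arpa/inet.h>

/* Vulnerable pattern: a query parameter is spliced into a command
 * line that is later handed to system(). Because system() runs
 * "/bin/sh -c", a value like "8.8.8.8; cat /etc/passwd" appends a
 * second command, executed with the web server's privileges (root
 * on many consumer routers). This function only builds the string. */
const char *build_ping_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    snprintf(out, outlen, "ping -c 1 %s", host);
    return out;
}

/* Hardened step 1: positive validation. inet_pton accepts only a
 * well-formed dotted quad, so shell metacharacters, whitespace and
 * option-like values ("-f") are all rejected before anything runs. */
int validate_ipv4(const char *host)
{
    struct in_addr a;
    if (host == NULL || strlen(host) >= INET_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, host, &a) == 1;
}

/* Hardened step 2: build an argv vector instead of a command line.
 * Each element reaches the program as-is; no shell parses it.
 * Returns 0 and fills argv (NULL-terminated) on success, -1 if the
 * input was rejected or the vector is too small. */
int build_ping_argv_hardened(const char *host, const char *argv[], size_t n)
{
    if (n < 5 || !validate_ipv4(host))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;
    argv[4] = NULL;
    return 0;
}

/* Hardened step 3: execute via fork/execvp, never via system().
 * Returns the child's exit status, or -1 on failure. */
int run_argv(const char *argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);               /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed attacker input: a valid address followed by an injected command. */
    const char *evil = "8.8.8.8; cat /etc/passwd";
    char cmd[128];
    printf("vulnerable handler would run: sh -c \"%s\"\n",
           build_ping_cmd_vulnerable(evil, cmd, sizeof cmd));

    const char *argv[5];
    printf("hardened handler, injected input: %s\n",
           build_ping_argv_hardened(evil, argv, 5) == 0 ? "accepted" : "rejected");

    if (build_ping_argv_hardened("127.0.0.1", argv, 5) == 0)
        printf("hardened handler, valid input: ping exited %d\n", run_argv(argv));
    return 0;
}
```

The two defences are independent: the allowlist stops metacharacters from ever reaching a command, and the argv-based exec removes the shell that would interpret them. Keep both, since a later change that loosens the validator (for example to accept hostnames) should not silently reintroduce a shell.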
Solution

[Stop using the products]
Vulnerable products listed below are no longer supported. Stop using the products and consider switching to alternatives.
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, WRH-300WH-S

[Apply a workaround]
For WRC-1167FS-W, WRC-1167FS-B and WRC-1167FSA, applying the following workarounds may mitigate the impact of the vulnerability. According to the developer, no firmware update will be released for these products.

* Change the product's password.
* Do not browse unrelated web sites while logged in to the product.
* Quit the web browser after finishing configuration.
* Delete any product password saved in the browser.
Vendor Information

ELECOM CO.,LTD.
CWE

  1. Information Exposure (CWE-200) [IPA Evaluation]
  2. OS Command Injection (CWE-78) [IPA Evaluation]
CVE

  1. CVE-2021-20738
  2. CVE-2021-20739
References

  1. JVN : JVNVU#94260088
  2. National Vulnerability Database (NVD) : CVE-2021-20738
  3. National Vulnerability Database (NVD) : CVE-2021-20739
Revision History

  • [2021/07/07]
      Web page was published
  • [2021/07/12]
      Solution was updated