CVE-2021-20863
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors.
Una vulnerabilidad de inyección de comandos del SO en los routers ELECOM (firmware WRC-1167GST2 versiones v1.25 y anteriores, firmware WRC-1167GST2A versiones v1.25 y anteriores, firmware WRC-1167GST2H v1. 25 y anteriores, WRC-2533GS2-B firmware v1.52 y anteriores, firmware WRC-2533GS2-W versiones v1.52 y anteriores, firmware WRC-1750GS versiones v1.03 y anteriores, firmware WRC-1750GSV versiones v2.11 y anteriores, firmware WRC-1900GST versiones v1. 03 y anteriores, firmware WRC-2533GST v1.03 y anteriores, firmware WRC-2533GSTA v1.03 y anteriores, firmware WRC-2533GST2 v1.25 y anteriores, firmware WRC-2533GST2SP v1.25 y anteriores, firmware WRC-2533GST2-G v1. 25 y anteriores, y firmware EDWRC-2533GST2 versiones v1.25 y anteriores) permite a un atacante autenticado adyacente a la red ejecutar un comando arbitrario del sistema operativo con el privilegio de root por medio de vectores no especificados
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-12-01 CVE Published
- 2023-06-23 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://jvn.jp/en/vu/JVNVU94527926/index.html | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.elecom.co.jp/news/security/20211130-01 | 2021-12-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Elecom Search vendor "Elecom" | Wrc-1167gst2 Firmware Search vendor "Elecom" for product "Wrc-1167gst2 Firmware" | <= 1.25 Search vendor "Elecom" for product "Wrc-1167gst2 Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-1167gst2 Search vendor "Elecom" for product "Wrc-1167gst2" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-1167gst2a Firmware Search vendor "Elecom" for product "Wrc-1167gst2a Firmware" | <= 1.25 Search vendor "Elecom" for product "Wrc-1167gst2a Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-1167gst2a Search vendor "Elecom" for product "Wrc-1167gst2a" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-1167gst2h Firmware Search vendor "Elecom" for product "Wrc-1167gst2h Firmware" | <= 1.25 Search vendor "Elecom" for product "Wrc-1167gst2h Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-1167gst2h Search vendor "Elecom" for product "Wrc-1167gst2h" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gs2-b Firmware Search vendor "Elecom" for product "Wrc-2533gs2-b Firmware" | <= 1.52 Search vendor "Elecom" for product "Wrc-2533gs2-b Firmware" and version " <= 1.52" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gs2-b Search vendor "Elecom" for product "Wrc-2533gs2-b" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gs2-w Firmware Search vendor "Elecom" for product "Wrc-2533gs2-w Firmware" | <= 1.52 Search vendor "Elecom" for product "Wrc-2533gs2-w Firmware" and version " <= 1.52" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gs2-w Search vendor "Elecom" for product "Wrc-2533gs2-w" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-1750gs Firmware Search vendor "Elecom" for product "Wrc-1750gs Firmware" | <= 1.03 Search vendor "Elecom" for product "Wrc-1750gs Firmware" and version " <= 1.03" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-1750gs Search vendor "Elecom" for product "Wrc-1750gs" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-1750gsv Firmware Search vendor "Elecom" for product "Wrc-1750gsv Firmware" | <= 2.11 Search vendor "Elecom" for product "Wrc-1750gsv Firmware" and version " <= 2.11" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-1750gsv Search vendor "Elecom" for product "Wrc-1750gsv" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-1900gst Firmware Search vendor "Elecom" for product "Wrc-1900gst Firmware" | <= 1.03 Search vendor "Elecom" for product "Wrc-1900gst Firmware" and version " <= 1.03" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-1900gst Search vendor "Elecom" for product "Wrc-1900gst" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gst Firmware Search vendor "Elecom" for product "Wrc-2533gst Firmware" | <= 1.03 Search vendor "Elecom" for product "Wrc-2533gst Firmware" and version " <= 1.03" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gst Search vendor "Elecom" for product "Wrc-2533gst" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gst2 Firmware Search vendor "Elecom" for product "Wrc-2533gst2 Firmware" | <= 1.25 Search vendor "Elecom" for product "Wrc-2533gst2 Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gst2 Search vendor "Elecom" for product "Wrc-2533gst2" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gsta Firmware Search vendor "Elecom" for product "Wrc-2533gsta Firmware" | <= 1.03 Search vendor "Elecom" for product "Wrc-2533gsta Firmware" and version " <= 1.03" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gsta Search vendor "Elecom" for product "Wrc-2533gsta" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gst2sp Firmware Search vendor "Elecom" for product "Wrc-2533gst2sp Firmware" | <= 1.25 Search vendor "Elecom" for product "Wrc-2533gst2sp Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gst2sp Search vendor "Elecom" for product "Wrc-2533gst2sp" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Wrc-2533gst2-g Firmware Search vendor "Elecom" for product "Wrc-2533gst2-g Firmware" | <= 1.25 Search vendor "Elecom" for product "Wrc-2533gst2-g Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Wrc-2533gst2-g Search vendor "Elecom" for product "Wrc-2533gst2-g" | - | - |
Safe
|
Elecom Search vendor "Elecom" | Edwrc-2533gst2 Firmware Search vendor "Elecom" for product "Edwrc-2533gst2 Firmware" | <= 1.25 Search vendor "Elecom" for product "Edwrc-2533gst2 Firmware" and version " <= 1.25" | - |
Affected
| in | Elecom Search vendor "Elecom" | Edwrc-2533gst2 Search vendor "Elecom" for product "Edwrc-2533gst2" | - | - |
Safe
|