CVE-2021-20859

ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:47

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN88993473/index.html - Third Party Advisory () https://jvn.jp/en/jp/JVN88993473/index.html - Third Party Advisory
References () https://www.elecom.co.jp/news/security/20211130-01/ - Vendor Advisory () https://www.elecom.co.jp/news/security/20211130-01/ - Vendor Advisory

Information

Published : 2021-12-01 03:15

Updated : 2024-11-21 05:47


NVD link : CVE-2021-20859

Mitre link : CVE-2021-20859

CVE.ORG link : CVE-2021-20859


JSON object : View

Products Affected

elecom

  • wrc-2533gst
  • edwrc-2533gst2_firmware
  • wrc-2533gst2
  • wrc-2533gs2-w_firmware
  • wrc-2533gst_firmware
  • wrc-2533gst2sp
  • wrc-1750gsv
  • wrc-1167gst2h
  • wrc-2533gs2-b_firmware
  • wrc-1167gst2_firmware
  • wrc-2533gst2_firmware
  • wrc-1750gs
  • wrc-1167gst2
  • wrc-2533gsta
  • wrc-2533gs2-w
  • wrc-2533gst2-g_firmware
  • wrc-1900gst
  • wrc-1167gst2h_firmware
  • edwrc-2533gst2
  • wrc-1750gsv_firmware
  • wrc-2533gst2sp_firmware
  • wrc-1900gst_firmware
  • wrc-1167gst2a_firmware
  • wrc-2533gsta_firmware
  • wrc-1750gs_firmware
  • wrc-2533gs2-b
  • wrc-2533gst2-g
  • wrc-1167gst2a
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')