var-202112-0023
Vulnerability from variot
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom.
Elecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-0023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrc-2533gst2-g",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gs2-b",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "edwrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1750gsv",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "2.11"
},
{
"model": "wrc-1167gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gs2-w",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.52"
},
{
"model": "wrc-1167gst2h",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gsta",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-1900gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1167gst2a",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-2533gst",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "wrc-2533gst2sp",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.25"
},
{
"model": "wrc-1750gs",
"scope": "lte",
"trust": 1.0,
"vendor": "elecom",
"version": "1.03"
},
{
"model": "lan routers \u003c=wrc-1167gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2a",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-1167gst2h",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gs2-b",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.52"
},
{
"model": "lan routers \u003c=wrc-2533gs2-w",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.52"
},
{
"model": "lan routers \u003c=wrc-1750gs",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-1750gsv",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v2.11"
},
{
"model": "lan routers \u003c=wrc-1900gst",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gst",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gsta",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.03"
},
{
"model": "lan routers \u003c=wrc-2533gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gst2sp",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=wrc-2533gst2-g",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
},
{
"model": "lan routers \u003c=edwrc-2533gst2",
"scope": "eq",
"trust": 0.6,
"vendor": "elecom",
"version": "v1.25"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"cve": "CVE-2021-20861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2021-20861",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2021-95485",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-20861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-20861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-95485",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-2334",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. elecom lan routers is a router of Japan Elecom. \n\r\n\r\nElecom lan routers has an access control error vulnerability. Attackers can use this vulnerability to bypass access restrictions and access the product management screen through an unspecified vector",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20861"
},
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-20861",
"trust": 2.2
},
{
"db": "JVN",
"id": "JVN88993473",
"trust": 1.6
},
{
"db": "CS-HELP",
"id": "SB2021113005",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2021-95485",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"id": "VAR-202112-0023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
]
},
"last_update_date": "2024-08-14T13:22:35.257000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for elecom lan routers access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/303631"
},
{
"title": "elecom lan Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172659"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/jp/jvn88993473/index.html"
},
{
"trust": 1.6,
"url": "https://www.elecom.co.jp/news/security/20211130-01/"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021113005"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"date": "2021-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"date": "2021-12-01T03:15:07.130000",
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-95485"
},
{
"date": "2021-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-2334"
},
{
"date": "2022-06-28T14:11:45.273000",
"db": "NVD",
"id": "CVE-2021-20861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "elecom lan routers access control error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-95485"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-2334"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.