CVE-2021-20739
moderate-risk
Published 2021-07-07
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
Do I need to act?
-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (11)
Wrc-300Febk Firmware
Wrc-F300Nf Firmware
Wrc-733Febk Firmware
Wrh-300Rd Firmware
Wrh-300Bk Firmware
Wrh-300Sv Firmware
Wrh-300Wh Firmware
Wrh-H300Wh Firmware
Wrh-H300Bk Firmware
Wrh-300Bk-S Firmware
Wrh-300Wh-S Firmware
Affected Vendors
References (4)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU94260088/index.html
Vendor Advisory
https://www.elecom.co.jp/news/security/20210706-01/
Third Party Advisory
https://jvn.jp/en/vu/JVNVU94260088/index.html
Vendor Advisory
https://www.elecom.co.jp/news/security/20210706-01/
44
/ 100
moderate-risk
Severity
27/34 · High
Exploitability
1/34 · Minimal
Exposure
16/34 · Moderate