CVE-2021-20863
moderate-risk
Published 2021-12-01
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors.
Do I need to act?
~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (14)
Wrc-1167Gst2 Firmware
Wrc-1167Gst2A Firmware
Wrc-1167Gst2H Firmware
Wrc-2533Gs2-B Firmware
Wrc-2533Gs2-W Firmware
Wrc-1750Gs Firmware
Wrc-1750Gsv Firmware
Wrc-1900Gst Firmware
Wrc-2533Gst Firmware
Wrc-2533Gst2 Firmware
Wrc-2533Gsta Firmware
Wrc-2533Gst2Sp Firmware
Wrc-2533Gst2-G Firmware
Edwrc-2533Gst2 Firmware
Affected Vendors
References (4)
Third Party Advisory
https://jvn.jp/en/vu/JVNVU94527926/index.html
Vendor Advisory
https://www.elecom.co.jp/news/security/20211130-01/
Third Party Advisory
https://jvn.jp/en/vu/JVNVU94527926/index.html
Vendor Advisory
https://www.elecom.co.jp/news/security/20211130-01/
47
/ 100
moderate-risk
Severity
25/34 · High
Exploitability
4/34 · Minimal
Exposure
18/34 · Moderate