ELECOM LAN routers command execution | CVE-2022-21173
NAME
ELECOM LAN routers command execution
- Platforms Affected:
ELECOM LAN WRH-300BK3 1.05
ELECOM LAN WRH-300WH3 1.05
ELECOM LAN WRH-300BK3-S 1.05
ELECOM LAN WRH-300DR3-S 1.05
ELECOM LAN WRH-300LB3-S 1.05
ELECOM LAN WRH-300PN3-S 1.05
ELECOM LAN WRH-300WH3-S 1.05
ELECOM LAN WRH-300YG3-S 1.05
- Risk Level: 8.8
- Exploitability: Unproven
- Consequences: Gain Access
DESCRIPTION
ELECOM LAN routers could allow a remote attacker to execute arbitrary commands on the system, caused by a hidden functionality flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Adjacent Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to the ELECOM web site for patch, upgrade or suggested workaround information. See References.
- Reference Link: http://jvn.jp/en/jp/JVN17482543/index.html
- Reference Link: https://www.elecom.co.jp/news/security/20220208-02/