CVE-2021-20859: OS Command Injection
First published: Wed Dec 01 2021(Updated: )
ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elecom Wrc-1167gst2 Firmware | <=1.25 | |
| Elecom Wrc-1167gst2 | ||
| Elecom Wrc-1167gst2a Firmware | <=1.25 | |
| Elecom Wrc-1167gst2a | ||
| Elecom Wrc-1167gst2h Firmware | <=1.25 | |
| Elecom Wrc-1167gst2h | ||
| Elecom Wrc-2533gs2-b Firmware | <=1.52 | |
| Elecom Wrc-2533gs2-b | ||
| Elecom Wrc-2533gs2-w Firmware | <=1.52 | |
| Elecom Wrc-2533gs2-w | ||
| Elecom Wrc-1750gs Firmware | <=1.03 | |
| Elecom Wrc-1750gs | ||
| Elecom Wrc-1750gsv Firmware | <=2.11 | |
| Elecom Wrc-1750gsv | ||
| Elecom Wrc-1900gst Firmware | <=1.03 | |
| Elecom Wrc-1900gst | ||
| Elecom Wrc-2533gst Firmware | <=1.03 | |
| Elecom Wrc-2533gst | ||
| Elecom Wrc-2533gst2 Firmware | <=1.25 | |
| Elecom Wrc-2533gst2 | ||
| Elecom Wrc-2533gsta Firmware | <=1.03 | |
| Elecom Wrc-2533gsta | ||
| Elecom Wrc-2533gst2sp Firmware | <=1.25 | |
| Elecom Wrc-2533gst2sp | ||
| Elecom Wrc-2533gst2-g Firmware | <=1.25 | |
| Elecom Wrc-2533gst2-g | ||
| Elecom Edwrc-2533gst2 Firmware | <=1.25 | |
| Elecom Edwrc-2533gst2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20859?
CVE-2021-20859 is a vulnerability found in ELECOM LAN routers, specifically in the WRC-1167GST2, WRC-1167GST2A, WRC-1167GST2H, WRC-2533GS2-B, WRC-2533GS2-W, WRC-1750GS, WRC-1750GSV, and WRC-1900GST models.
What is the severity of CVE-2021-20859?
The severity of CVE-2021-20859 is high, with a severity value of 8.
How can I check if my ELECOM LAN router is affected by CVE-2021-20859?
You can check if your ELECOM LAN router is affected by CVE-2021-20859 by referring to the firmware versions mentioned in the vulnerability description.
How can I fix CVE-2021-20859?
To fix CVE-2021-20859, you should update your ELECOM LAN router's firmware to a version that is later than the vulnerable versions mentioned in the vulnerability description.
Where can I find more information about CVE-2021-20859?
You can find more information about CVE-2021-20859 in the references provided: [link1] and [link2].
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/elecom
- canonical/elecom wrc-1167gst2 firmware
- version/elecom wrc-1167gst2 firmware/1.25
- canonical/elecom wrc-1167gst2
- canonical/elecom wrc-1167gst2a firmware
- version/elecom wrc-1167gst2a firmware/1.25
- canonical/elecom wrc-1167gst2a
- canonical/elecom wrc-1167gst2h firmware
- version/elecom wrc-1167gst2h firmware/1.25
- canonical/elecom wrc-1167gst2h
- canonical/elecom wrc-2533gs2-b firmware
- version/elecom wrc-2533gs2-b firmware/1.52
- canonical/elecom wrc-2533gs2-b
- canonical/elecom wrc-2533gs2-w firmware
- version/elecom wrc-2533gs2-w firmware/1.52
- canonical/elecom wrc-2533gs2-w
- canonical/elecom wrc-1750gs firmware
- version/elecom wrc-1750gs firmware/1.03
- canonical/elecom wrc-1750gs
- canonical/elecom wrc-1750gsv firmware
- version/elecom wrc-1750gsv firmware/2.11
- canonical/elecom wrc-1750gsv
- canonical/elecom wrc-1900gst firmware
- version/elecom wrc-1900gst firmware/1.03
- canonical/elecom wrc-1900gst
- canonical/elecom wrc-2533gst firmware
- version/elecom wrc-2533gst firmware/1.03
- canonical/elecom wrc-2533gst
- canonical/elecom wrc-2533gst2 firmware
- version/elecom wrc-2533gst2 firmware/1.25
- canonical/elecom wrc-2533gst2
- canonical/elecom wrc-2533gsta firmware
- version/elecom wrc-2533gsta firmware/1.03
- canonical/elecom wrc-2533gsta
- canonical/elecom wrc-2533gst2sp firmware
- version/elecom wrc-2533gst2sp firmware/1.25
- canonical/elecom wrc-2533gst2sp
- canonical/elecom wrc-2533gst2-g firmware
- version/elecom wrc-2533gst2-g firmware/1.25
- canonical/elecom wrc-2533gst2-g
- canonical/elecom edwrc-2533gst2 firmware
- version/elecom edwrc-2533gst2 firmware/1.25
- canonical/elecom edwrc-2533gst2