CVE-2021-20863: OS Command Injection
First published: Wed Dec 01 2021(Updated: )
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attackers to execute an arbitrary OS command with the root privilege via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elecom Wrc-1167gst2 Firmware | <=1.25 | |
| Elecom Wrc-1167gst2 | ||
| Elecom Wrc-1167gst2a Firmware | <=1.25 | |
| Elecom Wrc-1167gst2a | ||
| Elecom Wrc-1167gst2h Firmware | <=1.25 | |
| Elecom Wrc-1167gst2h | ||
| Elecom Wrc-2533gs2-b Firmware | <=1.52 | |
| Elecom Wrc-2533gs2-b | ||
| Elecom Wrc-2533gs2-w Firmware | <=1.52 | |
| Elecom Wrc-2533gs2-w | ||
| Elecom Wrc-1750gs Firmware | <=1.03 | |
| Elecom Wrc-1750gs | ||
| Elecom Wrc-1750gsv Firmware | <=2.11 | |
| Elecom Wrc-1750gsv | ||
| Elecom Wrc-1900gst Firmware | <=1.03 | |
| Elecom Wrc-1900gst | ||
| Elecom Wrc-2533gst Firmware | <=1.03 | |
| Elecom Wrc-2533gst | ||
| Elecom Wrc-2533gst2 Firmware | <=1.25 | |
| Elecom Wrc-2533gst2 | ||
| Elecom Wrc-2533gsta Firmware | <=1.03 | |
| Elecom Wrc-2533gsta | ||
| Elecom Wrc-2533gst2sp Firmware | <=1.25 | |
| Elecom Wrc-2533gst2sp | ||
| Elecom Wrc-2533gst2-g Firmware | <=1.25 | |
| Elecom Wrc-2533gst2-g | ||
| Elecom Edwrc-2533gst2 Firmware | <=1.25 | |
| Elecom Edwrc-2533gst2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-20863?
CVE-2021-20863 is an OS command injection vulnerability in ELECOM routers.
Which ELECOM router firmware versions are affected by CVE-2021-20863?
ELECOM routers with WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior are affected.
How severe is CVE-2021-20863?
CVE-2021-20863 has a severity rating of high.
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2021-20863?
The CWE IDs associated with CVE-2021-20863 are CWE-77 and CWE-78.
How can I fix CVE-2021-20863?
To fix CVE-2021-20863, update your ELECOM router firmware to a version higher than the vulnerable ones mentioned.
- collector/nvd-index
- agent/severity
- agent/author
- agent/tags
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/elecom
- canonical/elecom wrc-1167gst2 firmware
- version/elecom wrc-1167gst2 firmware/1.25
- canonical/elecom wrc-1167gst2
- canonical/elecom wrc-1167gst2a firmware
- version/elecom wrc-1167gst2a firmware/1.25
- canonical/elecom wrc-1167gst2a
- canonical/elecom wrc-1167gst2h firmware
- version/elecom wrc-1167gst2h firmware/1.25
- canonical/elecom wrc-1167gst2h
- canonical/elecom wrc-2533gs2-b firmware
- version/elecom wrc-2533gs2-b firmware/1.52
- canonical/elecom wrc-2533gs2-b
- canonical/elecom wrc-2533gs2-w firmware
- version/elecom wrc-2533gs2-w firmware/1.52
- canonical/elecom wrc-2533gs2-w
- canonical/elecom wrc-1750gs firmware
- version/elecom wrc-1750gs firmware/1.03
- canonical/elecom wrc-1750gs
- canonical/elecom wrc-1750gsv firmware
- version/elecom wrc-1750gsv firmware/2.11
- canonical/elecom wrc-1750gsv
- canonical/elecom wrc-1900gst firmware
- version/elecom wrc-1900gst firmware/1.03
- canonical/elecom wrc-1900gst
- canonical/elecom wrc-2533gst firmware
- version/elecom wrc-2533gst firmware/1.03
- canonical/elecom wrc-2533gst
- canonical/elecom wrc-2533gst2 firmware
- version/elecom wrc-2533gst2 firmware/1.25
- canonical/elecom wrc-2533gst2
- canonical/elecom wrc-2533gsta firmware
- version/elecom wrc-2533gsta firmware/1.03
- canonical/elecom wrc-2533gsta
- canonical/elecom wrc-2533gst2sp firmware
- version/elecom wrc-2533gst2sp firmware/1.25
- canonical/elecom wrc-2533gst2sp
- canonical/elecom wrc-2533gst2-g firmware
- version/elecom wrc-2533gst2-g firmware/1.25
- canonical/elecom wrc-2533gst2-g
- canonical/elecom edwrc-2533gst2 firmware
- version/elecom edwrc-2533gst2 firmware/1.25
- canonical/elecom edwrc-2533gst2