CVE-2022-21173
First published: Tue Feb 08 2022(Updated: )
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elecom Wrh-300bk3 Firmware | <=1.05 | |
| Elecom Wrh-300bk3 | ||
| Elecom Wrh-300wh3 Firmware | <=1.05 | |
| Elecom Wrh-300wh3 | ||
| Elecom Wrh-300bk3-s Firmware | <=1.05 | |
| Elecom Wrh-300bk3-s | ||
| Elecom Wrh-300wh3-s Firmware | <=1.05 | |
| Elecom Wrh-300wh3-s | ||
| Elecom Wrh-300lb3-s Firmware | <=1.05 | |
| Elecom Wrh-300lb3-s | ||
| Elecom Wrh-300pn3-s Firmware | <=1.05 | |
| Elecom Wrh-300pn3-s | ||
| Elecom Wrh-300yg3-s Firmware | <=1.05 | |
| Elecom Wrh-300yg3-s | ||
| Elecom Wrh-300dr3-s Firmware | <=1.05 | |
| Elecom Wrh-300dr3-s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this ELECOM LAN router vulnerability?
The vulnerability ID for this ELECOM LAN router vulnerability is CVE-2022-21173.
What is the severity of CVE-2022-21173?
CVE-2022-21173 has a severity rating of 8.8 (high).
Which ELECOM LAN routers are affected by CVE-2022-21173?
ELECOM LAN routers with WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier are affected by CVE-2022-21173.
What is the recommended solution for CVE-2022-21173?
To mitigate CVE-2022-21173, it is recommended to update the affected ELECOM LAN routers to a version later than v1.05.
Where can I find more information about CVE-2022-21173?
More information about CVE-2022-21173 can be found at the following references: (1) [JVN website](https://jvn.jp/en/jp/JVN17482543/index.html), (2) [ELECOM website](https://www.elecom.co.jp/news/security/20220208-02/).
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/elecom
- canonical/elecom wrh-300bk3 firmware
- version/elecom wrh-300bk3 firmware/1.05
- canonical/elecom wrh-300bk3
- canonical/elecom wrh-300wh3 firmware
- version/elecom wrh-300wh3 firmware/1.05
- canonical/elecom wrh-300wh3
- canonical/elecom wrh-300bk3-s firmware
- version/elecom wrh-300bk3-s firmware/1.05
- canonical/elecom wrh-300bk3-s
- canonical/elecom wrh-300wh3-s firmware
- version/elecom wrh-300wh3-s firmware/1.05
- canonical/elecom wrh-300wh3-s
- canonical/elecom wrh-300lb3-s firmware
- version/elecom wrh-300lb3-s firmware/1.05
- canonical/elecom wrh-300lb3-s
- canonical/elecom wrh-300pn3-s firmware
- version/elecom wrh-300pn3-s firmware/1.05
- canonical/elecom wrh-300pn3-s
- canonical/elecom wrh-300yg3-s firmware
- version/elecom wrh-300yg3-s firmware/1.05
- canonical/elecom wrh-300yg3-s
- canonical/elecom wrh-300dr3-s firmware
- version/elecom wrh-300dr3-s firmware/1.05
- canonical/elecom wrh-300dr3-s