Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for WRC-300FEBK-S by ELECOM CO.,LTD.

    CVE-2021-20649 (GCVE-0-2021-20649)

    Vulnerability from nvd – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.
    Severity
    No CVSS data available.
    CWE
    • Improper certificate validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-300FEBK-S Affected: WRC-300FEBK-S
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-300FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-300FEBK-S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper certificate validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-300FEBK-S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-300FEBK-S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper certificate validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20649",
        "datePublished": "2021-02-12T06:15:50.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20648 (GCVE-0-2021-20648)

    Vulnerability from nvd – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-300FEBK-S Affected: WRC-300FEBK-S
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-300FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-300FEBK-S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-300FEBK-S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-300FEBK-S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20648",
        "datePublished": "2021-02-12T06:15:50.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20647 (GCVE-0-2021-20647)

    Vulnerability from nvd – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-300FEBK-S Affected: WRC-300FEBK-S
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-300FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-300FEBK-S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:49.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-300FEBK-S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-300FEBK-S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20647",
        "datePublished": "2021-02-12T06:15:49.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20649 (GCVE-0-2021-20649)

    Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.
    Severity
    No CVSS data available.
    CWE
    • Improper certificate validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-300FEBK-S Affected: WRC-300FEBK-S
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.385Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-300FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-300FEBK-S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper certificate validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-300FEBK-S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-300FEBK-S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper certificate validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20649",
        "datePublished": "2021-02-12T06:15:50.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.385Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20648 (GCVE-0-2021-20648)

    Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • OS Command Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-300FEBK-S Affected: WRC-300FEBK-S
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:44.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-300FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-300FEBK-S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "OS Command Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20648",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-300FEBK-S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-300FEBK-S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "OS Command Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20648",
        "datePublished": "2021-02-12T06:15:50.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:44.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20647 (GCVE-0-2021-20647)

    Vulnerability from cvelistv5 – Published: 2021-02-12 06:15 – Updated: 2024-08-03 17:45
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    ELECOM CO.,LTD. WRC-300FEBK-S Affected: WRC-300FEBK-S
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:45:45.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.elecom.co.jp/news/security/20210126-01/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WRC-300FEBK-S",
              "vendor": "ELECOM CO.,LTD.",
              "versions": [
                {
                  "status": "affected",
                  "version": "WRC-300FEBK-S"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-12T06:15:49.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.elecom.co.jp/news/security/20210126-01/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20647",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WRC-300FEBK-S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "WRC-300FEBK-S"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ELECOM CO.,LTD."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via unspecified vector. As a result, the device settings may be altered and/or telnet daemon may be started."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.elecom.co.jp/news/security/20210126-01/",
                  "refsource": "MISC",
                  "url": "https://www.elecom.co.jp/news/security/20210126-01/"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN47580234/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN47580234/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20647",
        "datePublished": "2021-02-12T06:15:49.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:45:45.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2021-000008

    Vulnerability from jvndb - Published: 2021-01-26 16:33 - Updated:2021-01-26 16:33
    Severity
    Summary
    Multiple vulnerabilities in multiple ELECOM products
    Details
    Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. *Improper Access Control (CWE-284) - CVE-2021-20643 *Script injection in web setup page (CWE-74) - CVE-2021-20644 *Stored cross-site scripting (CWE-79) - CVE-2021-20645 *Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 *OS command injection (CWE-78) - CVE-2021-20648 *Improper server certificate verification (CWE-295) - CVE-2021-20649 *OS command injection via UPnP (CWE-78) - CVE-2014-8361 CVE-2021-20643 NAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20644 Ryo Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20645, CVE-2021-20646 Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20650 Yutaka WATANABE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Satoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.
    References
    JVN https://jvn.jp/en/jp/JVN47580234/index.html
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650
    CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361
    NVD https://nvd.nist.gov/vuln/detail/CVE-2014-8361
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20643
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20644
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20645
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20646
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20647
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20648
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20649
    NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20650
    Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-Site Request Forgery(CWE-352) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html",
      "dc:date": "2021-01-26T16:33+09:00",
      "dcterms:issued": "2021-01-26T16:33+09:00",
      "dcterms:modified": "2021-01-26T16:33+09:00",
      "description": "Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n*Improper Access Control (CWE-284) - CVE-2021-20643\r\n*Script injection in web setup page (CWE-74) - CVE-2021-20644\r\n*Stored cross-site scripting (CWE-79) - CVE-2021-20645\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650\r\n*OS command injection (CWE-78) - CVE-2021-20648\r\n*Improper server certificate verification (CWE-295) - CVE-2021-20649\r\n*OS command injection via UPnP (CWE-78) - CVE-2014-8361\r\n\r\nCVE-2021-20643\r\nNAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20644\r\nRyo Sato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20645, CVE-2021-20646\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20647, CVE-2021-20648, CVE-2021-20649\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20650\r\nYutaka WATANABE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:elecom:ld-ps%2fu1_firmware",
          "@product": "LD-PS/U1",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:ncc-ewf100rmwh2_firmware",
          "@product": "NCC-EWF100RMWH2",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
          "@product": "WRC-1467GHBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk-a_firmware",
          "@product": "WRC-300FEBK-A",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk-s_firmware",
          "@product": "WRC-300FEBK-S",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-300febk_firmware",
          "@product": "WRC-300FEBK firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:elecom:wrc-f300nf_firmware",
          "@product": "WRC-F300NF firmware",
          "@vendor": "ELECOM CO.,LTD.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "8.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000008",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN47580234/index.html",
          "@id": "JVN#47580234",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643",
          "@id": "CVE-2021-20643",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644",
          "@id": "CVE-2021-20644",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645",
          "@id": "CVE-2021-20645",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646",
          "@id": "CVE-2021-20646",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647",
          "@id": "CVE-2021-20647",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648",
          "@id": "CVE-2021-20648",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649",
          "@id": "CVE-2021-20649",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650",
          "@id": "CVE-2021-20650",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361",
          "@id": "CVE-2014-8361",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361",
          "@id": "CVE-2014-8361",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20643",
          "@id": "CVE-2021-20643",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20644",
          "@id": "CVE-2021-20644",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20645",
          "@id": "CVE-2021-20645",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20646",
          "@id": "CVE-2021-20646",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20647",
          "@id": "CVE-2021-20647",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20648",
          "@id": "CVE-2021-20648",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20649",
          "@id": "CVE-2021-20649",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20650",
          "@id": "CVE-2021-20650",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple ELECOM products"
    }