Cyber Resilience

CVE-2021-20864

High

Published: 01 December 2021

Modified: 21 November 2024
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0024 (47.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-20864 is a high-severity vulnerability, with an unspecified weakness type, in ELECOM WRC-1167GST2 firmware. Its CVSS base score is 8.8 (High).

Operationally, it is ranked at the 47.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

elecom: wrc-1167gst2 firmware ≤ 1.25
elecom: wrc-1167gst2a firmware ≤ 1.25
elecom: wrc-1167gst2h firmware ≤ 1.25
elecom: wrc-2533gs2-b firmware ≤ 1.52
elecom: wrc-2533gs2-w firmware ≤ 1.52
elecom: wrc-1750gs firmware ≤ 1.03
elecom: wrc-1750gsv firmware ≤ 2.11
elecom: wrc-1900gst firmware ≤ 1.03
elecom: wrc-2533gst firmware ≤ 1.03
elecom: wrc-2533gst2 firmware ≤ 1.25
+4 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References