CVE-2021-20864 in WRC-1167GST2info

Summary

by MITRE • 12/01/2021

Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent unauthenticated attacker to bypass access restriction, and to start the telnet service and execute an arbitrary OS command via unspecified vectors.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 12/04/2021

This vulnerability represents a critical improper access control flaw in ELECOM network routers that affects multiple device models including WRC-1167GST2, WRC-2533GS2, WRC-1750GS, and WRC-1900GST series. The vulnerability exists in firmware versions up to and including v1.25 for several models and v1.03 for others, creating a widespread security risk across the ELECOM router product line. The flaw allows network-adjacent attackers to bypass legitimate access controls without authentication, enabling them to remotely enable the telnet service and execute arbitrary operating system commands on the affected devices. This represents a fundamental breakdown in the router's security architecture where unauthorized access can be gained through unspecified attack vectors that likely involve manipulation of network protocols or web interfaces.

The technical implications of this vulnerability are severe as it directly enables remote code execution capabilities without requiring authentication credentials. Attackers can exploit this weakness to gain full administrative control over the affected routers, potentially leading to complete network compromise. The ability to start the telnet service remotely means that attackers can establish persistent access points within the network infrastructure, while arbitrary command execution allows them to install malware, modify network configurations, or redirect traffic to malicious destinations. This vulnerability directly maps to CWE-284 (Improper Access Control) and aligns with ATT&CK techniques including T1021.001 (Remote Services: Remote Desktop Protocol) and T1059 (Command and Scripting Interpreter) where adversaries can establish command execution capabilities on compromised systems.

The operational impact of CVE-2021-20864 extends beyond individual device compromise to potentially affect entire network infrastructures, particularly in environments where these routers serve as primary network gateways. Organizations using affected ELECOM routers may experience unauthorized network access, data exfiltration, man-in-the-middle attacks, or use of the compromised devices as launching points for further attacks against internal networks. The vulnerability's network-adjacent nature means that attackers need only be on the same local network segment to exploit it, making it particularly dangerous in shared office spaces, data centers, or any environment where physical network access might be gained. This threat is exacerbated by the fact that many organizations may not regularly update router firmware, leaving these devices vulnerable for extended periods.

Mitigation strategies should prioritize immediate firmware updates from ELECOM to address the vulnerability, though organizations should also implement network segmentation to limit the attack surface and disable unnecessary services including telnet. Network monitoring should be enhanced to detect unauthorized telnet service activation and suspicious command execution patterns. Additionally, organizations should consider implementing intrusion detection systems that can identify potential exploitation attempts through unusual network traffic patterns or unauthorized configuration changes. The vulnerability highlights the critical importance of regular firmware updates and proper network access controls, as well as the need for organizations to maintain inventories of all network-connected devices to ensure complete coverage of security patches. Security teams should also conduct vulnerability assessments to identify all potentially affected devices within their networks and implement layered security controls to minimize the impact of similar vulnerabilities in the future.

Reservation

12/17/2020

Disclosure

12/01/2021

Moderation

accepted

CPE

ready

EPSS

0.00502

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!