Description
OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to execute an arbitrary OS command with root privileges via unspecified vectors.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.elecom.co.jp/news/security/20211130-01/
Third Party Advisory x_refsource_misc
https://jvn.jp/en/vu/JVNVU94527926/index.html
Scores
CVSS v3
8.0
EPSS
0.0086
EPSS Percentile
54.0%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (14)
elecom/edwrc-2533gst2_firmware
< 1.25
elecom/wrc-1167gst2_firmware
< 1.25
elecom/wrc-1167gst2a_firmware
< 1.25
elecom/wrc-1167gst2h_firmware
< 1.25
elecom/wrc-1750gs_firmware
< 1.03
elecom/wrc-1750gsv_firmware
< 2.11
elecom/wrc-1900gst_firmware
< 1.03
elecom/wrc-2533gs2-b_firmware
< 1.52
elecom/wrc-2533gs2-w_firmware
< 1.52
elecom/wrc-2533gst2-g_firmware
< 1.25
... and 4 more
Published
Dec 01, 2021
Tracked Since
Feb 18, 2026