All the vulnerabilites related to ELECOM CO.,LTD. - WRC-300FEBK firmware
jvndb-2021-000008
Vulnerability from jvndb
Published
2021-01-26 16:33
Modified
2021-01-26 16:33
Severity ?
Summary
Multiple vulnerabilities in multiple ELECOM products
Details
Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
*Improper Access Control (CWE-284) - CVE-2021-20643
*Script injection in web setup page (CWE-74) - CVE-2021-20644
*Stored cross-site scripting (CWE-79) - CVE-2021-20645
*Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650
*OS command injection (CWE-78) - CVE-2021-20648
*Improper server certificate verification (CWE-295) - CVE-2021-20649
*OS command injection via UPnP (CWE-78) - CVE-2014-8361
CVE-2021-20643
NAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20644
Ryo Sato reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20645, CVE-2021-20646
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20647, CVE-2021-20648, CVE-2021-20649
Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20650
Yutaka WATANABE reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Satoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html", "dc:date": "2021-01-26T16:33+09:00", "dcterms:issued": "2021-01-26T16:33+09:00", "dcterms:modified": "2021-01-26T16:33+09:00", "description": "Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n*Improper Access Control (CWE-284) - CVE-2021-20643\r\n*Script injection in web setup page (CWE-74) - CVE-2021-20644\r\n*Stored cross-site scripting (CWE-79) - CVE-2021-20645\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650\r\n*OS command injection (CWE-78) - CVE-2021-20648\r\n*Improper server certificate verification (CWE-295) - CVE-2021-20649\r\n*OS command injection via UPnP (CWE-78) - CVE-2014-8361\r\n\r\nCVE-2021-20643\r\nNAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20644\r\nRyo Sato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20645, CVE-2021-20646\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20647, CVE-2021-20648, CVE-2021-20649\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20650\r\nYutaka WATANABE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:ld-ps%2fu1_firmware", "@product": "LD-PS/U1", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:ncc-ewf100rmwh2_firmware", "@product": "NCC-EWF100RMWH2", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware", "@product": "WRC-1467GHBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk-a_firmware", "@product": "WRC-300FEBK-A", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk-s_firmware", "@product": "WRC-300FEBK-S", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk_firmware", "@product": "WRC-300FEBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f300nf_firmware", "@product": "WRC-F300NF firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-000008", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN47580234/index.html", "@id": "JVN#47580234", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643", "@id": "CVE-2021-20643", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644", "@id": "CVE-2021-20644", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645", "@id": "CVE-2021-20645", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646", "@id": "CVE-2021-20646", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647", "@id": "CVE-2021-20647", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648", "@id": "CVE-2021-20648", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649", "@id": "CVE-2021-20649", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650", "@id": "CVE-2021-20650", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361", "@id": "CVE-2014-8361", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361", "@id": "CVE-2014-8361", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20643", "@id": "CVE-2021-20643", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20644", "@id": "CVE-2021-20644", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20645", "@id": "CVE-2021-20645", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20646", "@id": "CVE-2021-20646", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20647", "@id": "CVE-2021-20647", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20648", "@id": "CVE-2021-20648", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20649", "@id": "CVE-2021-20649", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20650", "@id": "CVE-2021-20650", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in multiple ELECOM products" }
jvndb-2023-006588
Vulnerability from jvndb
Published
2023-11-15 18:27
Modified
2024-04-26 15:22
Severity ?
Summary
Multiple vulnerabilities in ELECOM and LOGITEC routers
Details
Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-43752
* Inadequate Encryption Strength (CWE-326) - CVE-2023-43757
CVE-2023-43752
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2023-43757
Katsuhiko Sato(a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
▼ | Type | URL |
---|---|---|
JVN | http://jvn.jp/en/vu/JVNVU94119876/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-43752 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-43757 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-43752 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-43757 | |
Inadequate Encryption Strength(CWE-326) | https://cwe.mitre.org/data/definitions/326.html | |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006588.html", "dc:date": "2024-04-26T15:22+09:00", "dcterms:issued": "2023-11-15T18:27+09:00", "dcterms:modified": "2024-04-26T15:22+09:00", "description": "Multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION contain multiple vulnerabilities listed below.\r\n\r\n * OS Command Injection (CWE-78) - CVE-2023-43752\r\n * Inadequate Encryption Strength (CWE-326) - CVE-2023-43757\r\n\r\nCVE-2023-43752\r\nChuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-43757\r\nKatsuhiko Sato(a.k.a. goroh_kun), Yuya Adachi and Ryo Kamino of 00One, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-006588.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:wrc-1167ghbk2_firmware", "@product": "WRC-1167GHBK2 firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167ghbk_firmware", "@product": "WRC-1167GHBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1750ghbk-e_firmware", "@product": "WRC-1750GHBK-E firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1750ghbk2-i_firmware", "@product": "WRC-1750GHBK2-I firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1750ghbk_firmware", "@product": "WRC-1750GHBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-2533ghbk-i_firmware", "@product": "WRC-2533GHBK-I firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-2533ghbk2-t_firmware", "@product": "WRC-2533GHBK2-T firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk_firmware", "@product": "WRC-300FEBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300ghbk2-i_firmware", "@product": "WRC-300GHBK2-I firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300ghbk_firmware", "@product": "WRC-300GHBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733febk_firmware", "@product": "WRC-733FEBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733ghbk-c_firmware", "@product": "WRC-733GHBK-C firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733ghbk-i_firmware", "@product": "WRC-733GHBK-I firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733ghbk_firmware", "@product": "WRC-733GHBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f1167acf_firmware", "@product": "WRC-F1167ACF firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f300nf_firmware", "@product": "WRC-F300NF firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x3000gs2-b_firmware", "@product": "WRC-X3000GS2-B firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x3000gs2-w_firmware", "@product": "WRC-X3000GS2-W firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-x3000gs2a-b_firmware", "@product": "WRC-X3000GS2A-B firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-150bk_firmware", "@product": "WRH-150BK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-150wh_firmware", "@product": "WRH-150WH firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300bk-s_firmware", "@product": "WRH-300BK-S firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300bk2-s_firmware", "@product": "WRH-300BK2-S firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300bk_firmware", "@product": "WRH-300BK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300rd_firmware", "@product": "WRH-300RD firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300sv_firmware", "@product": "WRH-300SV firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh-h_firmware", "@product": "WRH-300WH-H firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh-s_firmware", "@product": "WRH-300WH-S firmwware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh2-s_firmware", "@product": "WRH-300WH2-S firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh_firmware", "@product": "WRH-300WH firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-h300bk_firmware", "@product": "WRH-H300BK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-h300wh_firmware", "@product": "WRH-H300WH firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w300n%2fp_firmware", "@product": "LAN-W300N/P firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w300n%2frs_firmware", "@product": "LAN-W300N/RS firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-w301nr_firmware", "@product": "LAN-W301NR firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300n%2fdgp_firmware", "@product": "LAN-WH300N/DGP firmware", "@vendor": "Logitec Corp.", "@version": "2.2" }, { "#text": "cpe:/o:logitec:lan-wh300ndgpe_firmware", "@product": "LAN-WH300NDGPE firmware", "@vendor": "Logitec Corp.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2023-006588", "sec:references": [ { "#text": "http://jvn.jp/en/vu/JVNVU94119876/index.html", "@id": "JVNVU#94119876", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-43752", "@id": "CVE-2023-43752", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-43757", "@id": "CVE-2023-43757", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43752", "@id": "CVE-2023-43752", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43757", "@id": "CVE-2023-43757", "@source": "NVD" }, { "#text": "https://cwe.mitre.org/data/definitions/326.html", "@id": "CWE-326", "@title": "Inadequate Encryption Strength(CWE-326)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Multiple vulnerabilities in ELECOM and LOGITEC routers" }
jvndb-2021-001977
Vulnerability from jvndb
Published
2021-07-07 14:03
Modified
2021-07-12 16:04
Severity ?
Summary
Multiple vulnerabilities in Elecom routers
Details
Multiple routers provided by ELECOM CO.,LTD. contain information disclosure and OS command injection vulnerabilities.
Multiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.
WRC-1167FS-W, WRC-1167FS-B, WRC-1167FSA
* Information disclosure (CWE-200) - CVE-2021-20738
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, WRH-300WH-S
* OS command injection (CWE-78) - CVE-2021-20739
Chuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001977.html", "dc:date": "2021-07-12T16:04+09:00", "dcterms:issued": "2021-07-07T14:03+09:00", "dcterms:modified": "2021-07-12T16:04+09:00", "description": "Multiple routers provided by ELECOM CO.,LTD. contain information disclosure and OS command injection vulnerabilities.\r\n\r\nMultiple routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n\r\nWRC-1167FS-W, WRC-1167FS-B, WRC-1167FSA\r\n\r\n* Information disclosure (CWE-200) - CVE-2021-20738\r\n\r\nWRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, WRH-300WH-S\r\n\r\n* OS command injection (CWE-78) - CVE-2021-20739\r\n\r\nChuya Hayakawa and Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported this vulnerability to ELECOM CO.,LTD. and coordinated. ELECOM CO.,LTD. and JPCERT/CC published respective advisories in order to notify users of this vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001977.html", "sec:cpe": [ { "#text": "cpe:/o:elecom:wrc-1167fs-b_firmware", "@product": "WRC-1167FS-B", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167fs-w_firmware", "@product": "WRC-1167FS-W", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-1167fsa_firmware", "@product": "WRC-1167FSA", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-300febk_firmware", "@product": "WRC-300FEBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-733febk_firmware", "@product": "WRC-733FEBK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrc-f300nf_firmware", "@product": "WRC-F300NF firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300bk-s_firmware", "@product": "WRH-300BK-S firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300bk_firmware", "@product": "WRH-300BK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300rd_firmware", "@product": "WRH-300RD firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300sv_firmware", "@product": "WRH-300SV firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh-s_firmware", "@product": "WRH-300WH-S firmwware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-300wh_firmware", "@product": "WRH-300WH firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-h300bk_firmware", "@product": "WRH-H300BK firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" }, { "#text": "cpe:/o:elecom:wrh-h300wh_firmware", "@product": "WRH-H300WH firmware", "@vendor": "ELECOM CO.,LTD.", "@version": "2.2" } ], "sec:cvss": [ { "@score": "5.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "6.3", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "@version": "3.0" } ], "sec:identifier": "JVNDB-2021-001977", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU94260088/index.html", "@id": "JVNVU#94260088", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20738", "@id": "CVE-2021-20738", "@source": "CVE" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20739", "@id": "CVE-2021-20739", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20738", "@id": "CVE-2021-20738", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20739", "@id": "CVE-2021-20739", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-200", "@title": "Information Exposure(CWE-200)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Multiple vulnerabilities in Elecom routers" }