CVE-2021-20621

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Aterm WG2600HP and WG2600HP2 routers allows attackers to trick authenticated administrators into performing unintended actions. By luring a logged-in administrator to a malicious page, an attacker can ride that administrator's authenticated session to change router settings, potentially compromising network security. All users running affected firmware versions are vulnerable.

💻 Affected Systems

Products:
  • Aterm WG2600HP
  • Aterm WG2600HP2
Versions: WG2600HP firmware Ver1.0.2 and earlier, WG2600HP2 firmware Ver1.0.2 and earlier
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires administrator to be logged into router web interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router takeover allowing attacker to change DNS settings, firewall rules, credentials, or enable remote administration, leading to full network compromise and data interception.

🟠

Likely Case

Router configuration changes enabling unauthorized access, network redirection, or credential theft.

🟢

If Mitigated

Limited impact if CSRF protections are implemented or administrators use separate browser sessions for router management.

🌐 Internet-Facing: HIGH - Routers are typically internet-facing devices, and CSRF attacks can originate from malicious websites visited by administrators.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they can trick administrators into visiting malicious internal pages.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well understood and easy to implement. Exploitation requires the administrator to be authenticated to the router web interface and to visit a malicious page during that session.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WG2600HP firmware Ver1.0.3 and later, WG2600HP2 firmware Ver1.0.3 and later

Vendor Advisory: https://www.aterm.jp/support/tech/2019/0328.html

Restart Required: Yes

Instructions:

1. Download the latest firmware from the Aterm support site.
2. Log into the router web interface.
3. Navigate to the firmware update section.
4. Upload and apply the new firmware.
5. The router will restart automatically.

🔧 Temporary Workarounds

CSRF Token Implementation (applies to: all)

Add CSRF tokens to router administration forms if you customize the interface.

Browser Session Management (applies to: all)

Use separate browser profiles or private browsing for router administration, so the administrator session is not available to pages opened in everyday browsing.

🧯 If You Can't Patch

  • Restrict router administration to dedicated management VLAN or isolated network
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface under System Information or Status page

Check Version:

No CLI command - check via web interface at http://router-ip/status.html or similar

Verify Fix Applied:

Verify firmware version shows Ver1.0.3 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Multiple configuration changes from same IP in short timeframe
  • Unusual administrator actions during normal business hours

Network Indicators:

  • Unexpected DNS server changes
  • New firewall rules allowing external access

SIEM Query:

source="router-logs" action="config_change" count by src_ip > threshold

(Pseudo-query; adapt the field names and syntax to your SIEM and to the router's actual log format.)
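The log indicator above ("multiple configuration changes from the same IP in a short timeframe") expressed as runnable detection logic, as an added example that is not part of the original page; the log line format and the sample lines are constructed for illustration, not taken from Aterm firmware.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample router log lines (hypothetical format, not vendor output).
SAMPLE_LOGS = """\
2021-03-28T10:00:01 router admin: action=config_change src_ip=192.168.1.50 item=dns_primary
2021-03-28T10:00:03 router admin: action=config_change src_ip=192.168.1.50 item=dns_secondary
2021-03-28T10:00:04 router admin: action=config_change src_ip=192.168.1.50 item=remote_admin
2021-03-28T10:00:06 router admin: action=config_change src_ip=192.168.1.50 item=admin_password
2021-03-28T11:30:00 router admin: action=login src_ip=192.168.1.20
2021-03-28T11:31:10 router admin: action=config_change src_ip=192.168.1.20 item=wifi_ssid
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ admin: action=(?P<action>\S+) src_ip=(?P<ip>\S+)(?: item=(?P<item>\S+))?$"
)

# Settings whose change matches the page's network indicators (DNS, firewall, remote admin).
SENSITIVE_ITEMS = {"dns_primary", "dns_secondary", "firewall_rule", "remote_admin", "admin_password"}


def parse(lines):
    """Yield parsed events; lines that do not match the assumed format are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def find_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {src_ip: (count, sensitive_items)} for IPs that made at least
    `threshold` config changes within any sliding `window`."""
    recent = defaultdict(deque)   # per-IP queue of config_change events in the window
    alerts = {}
    for ev in parse(lines):
        if ev["action"] != "config_change":
            continue
        q = recent[ev["ip"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()           # drop events older than the window
        if len(q) >= threshold:
            items = sorted({e["item"] for e in q if e["item"] in SENSITIVE_ITEMS})
            alerts[ev["ip"]] = (len(q), items)
    return alerts


if __name__ == "__main__":
    for ip, (count, items) in find_bursts(SAMPLE_LOGS).items():
        print(f"ALERT {ip}: {count} config changes in window; sensitive: {items}")
```

A burst of DNS, remote-admin and password changes from one client address within seconds is the pattern a CSRF-driven reconfiguration would leave, whereas the single Wi-Fi SSID change from the second address stays below the threshold.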

🔗 References