Login Sign Up

CVE-2021-20859

8.0 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows an authenticated attacker on the same network to execute arbitrary operating system commands on affected ELECOM LAN routers. Attackers can gain full control of the router, potentially compromising the entire network. Users of specific ELECOM router models with vulnerable firmware versions are affected.

💻 Affected Systems

Products:
  • WRC-1167GST2
  • WRC-1167GST2A
  • WRC-1167GST2H
  • WRC-2533GS2-B
  • WRC-2533GS2-W
  • WRC-1750GS
  • WRC-1750GSV
  • WRC-1900GST
  • WRC-2533GST
  • WRC-2533GSTA
  • WRC-2533GST2
  • WRC-2533GST2SP
  • WRC-2533GST2-G
  • EDWRC-2533GST2
Versions: Various firmware versions up to specified maximums (e.g., v1.25, v1.52, v1.03, v2.11)
Operating Systems: Router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected firmware versions are vulnerable. Requires attacker to have authenticated access to router management interface.

📦 What is this software?

Edwrc 2533gst2 Firmware by Elecom

View all CVEs affecting Edwrc 2533gst2 Firmware →

Wrc 1167gst2 Firmware by Elecom

View all CVEs affecting Wrc 1167gst2 Firmware →

Wrc 1167gst2a Firmware by Elecom

View all CVEs affecting Wrc 1167gst2a Firmware →

Wrc 1167gst2h Firmware by Elecom

View all CVEs affecting Wrc 1167gst2h Firmware →

Wrc 1750gs Firmware by Elecom

View all CVEs affecting Wrc 1750gs Firmware →

Wrc 1750gsv Firmware by Elecom

View all CVEs affecting Wrc 1750gsv Firmware →

Wrc 1900gst Firmware by Elecom

View all CVEs affecting Wrc 1900gst Firmware →

Wrc 2533gs2 B Firmware by Elecom

View all CVEs affecting Wrc 2533gs2 B Firmware →

Wrc 2533gs2 W Firmware by Elecom

View all CVEs affecting Wrc 2533gs2 W Firmware →

Wrc 2533gst Firmware by Elecom

View all CVEs affecting Wrc 2533gst Firmware →

Wrc 2533gst2 Firmware by Elecom

View all CVEs affecting Wrc 2533gst2 Firmware →

Wrc 2533gst2 G Firmware by Elecom

View all CVEs affecting Wrc 2533gst2 G Firmware →

Wrc 2533gst2sp Firmware by Elecom

View all CVEs affecting Wrc 2533gst2sp Firmware →

Wrc 2533gsta Firmware by Elecom

View all CVEs affecting Wrc 2533gsta Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete router compromise leading to network takeover, data interception, malware deployment, and lateral movement to connected devices.

🟠

Likely Case

Router configuration modification, network traffic monitoring, credential theft, and potential pivot to internal systems.

🟢

If Mitigated

Limited to authenticated attackers on the local network, with proper segmentation reducing lateral movement opportunities.

🌐 Internet-Facing: LOW (requires network adjacency, not directly internet exploitable)
🏢 Internal Only: HIGH (authenticated attackers on local network can achieve full compromise)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but unspecified vectors suggest multiple potential attack paths. CVSS 8.0 indicates high severity with low attack complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions above those listed in affected versions (check specific model for exact patched version)

Vendor Advisory: https://www.elecom.co.jp/news/security/20211130-01/

Restart Required: Yes

Instructions:

1. Identify your router model and current firmware version. 2. Visit ELECOM support website for your region. 3. Download latest firmware for your specific model. 4. Access router admin interface. 5. Navigate to firmware update section. 6. Upload and apply new firmware. 7. Reboot router after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface to separate VLAN or network segment

Access Restriction

all

Restrict router admin access to specific trusted IP addresses only

🧯 If You Can't Patch

  • Replace affected routers with non-vulnerable models
  • Implement strict network monitoring for suspicious router access patterns

🔍 How to Verify

Check if Vulnerable:

Check router admin interface for model and firmware version, compare against affected versions list

Check Version:

Access router web interface and check System Information or Firmware Status page

Verify Fix Applied:

Confirm firmware version is higher than affected versions listed in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts to router admin interface
  • Unexpected configuration changes
  • Suspicious command execution in router logs

Network Indicators:

  • Unusual traffic patterns from router to internal systems
  • Router communicating with unexpected external IPs

SIEM Query:

Search for authentication events to router admin interface from non-standard IPs followed by configuration changes

📊 Metadata

CVE ID: CVE-2021-20859
CVSS v3 Score: 8.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78
Published: December 1, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-20859, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)