Login Sign Up

CVE-2021-20861

8.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability allows an authenticated attacker on the same network to bypass access controls and access the router's management interface. It affects multiple ELECOM LAN router models with specific firmware versions. Attackers can potentially gain administrative control over affected routers.

💻 Affected Systems

Products:
  • WRC-1167GST2
  • WRC-1167GST2A
  • WRC-1167GST2H
  • WRC-2533GS2-B
  • WRC-2533GS2-W
  • WRC-1750GS
  • WRC-1750GSV
  • WRC-1900GST
  • WRC-2533GST
  • WRC-2533GSTA
  • WRC-2533GST2
  • WRC-2533GST2SP
  • WRC-2533GST2-G
  • EDWRC-2533GST2
Versions: Various firmware versions up to specified maximums (e.g., v1.25, v1.52, v1.03, v2.11)
Operating Systems: Router firmware only
Default Config Vulnerable: ⚠️ Yes
Notes: All affected models with specified firmware versions are vulnerable in default configurations. Requires attacker to be authenticated on the local network.

📦 What is this software?

Edwrc 2533gst2 Firmware by Elecom

View all CVEs affecting Edwrc 2533gst2 Firmware →

Wrc 1167gst2 Firmware by Elecom

View all CVEs affecting Wrc 1167gst2 Firmware →

Wrc 1167gst2a Firmware by Elecom

View all CVEs affecting Wrc 1167gst2a Firmware →

Wrc 1167gst2h Firmware by Elecom

View all CVEs affecting Wrc 1167gst2h Firmware →

Wrc 1750gs Firmware by Elecom

View all CVEs affecting Wrc 1750gs Firmware →

Wrc 1750gsv Firmware by Elecom

View all CVEs affecting Wrc 1750gsv Firmware →

Wrc 1900gst Firmware by Elecom

View all CVEs affecting Wrc 1900gst Firmware →

Wrc 2533gs2 B Firmware by Elecom

View all CVEs affecting Wrc 2533gs2 B Firmware →

Wrc 2533gs2 W Firmware by Elecom

View all CVEs affecting Wrc 2533gs2 W Firmware →

Wrc 2533gst Firmware by Elecom

View all CVEs affecting Wrc 2533gst Firmware →

Wrc 2533gst2 Firmware by Elecom

View all CVEs affecting Wrc 2533gst2 Firmware →

Wrc 2533gst2 G Firmware by Elecom

View all CVEs affecting Wrc 2533gst2 G Firmware →

Wrc 2533gst2sp Firmware by Elecom

View all CVEs affecting Wrc 2533gst2sp Firmware →

Wrc 2533gsta Firmware by Elecom

View all CVEs affecting Wrc 2533gsta Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full administrative access to router, enabling network traffic interception, DNS hijacking, credential theft, and deployment of persistent malware.

🟠

Likely Case

Attacker accesses management interface to change network settings, monitor traffic, or disable security features.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated network segments.

🌐 Internet-Facing: LOW (requires network adjacency, not directly internet exploitable)
🏢 Internal Only: HIGH (exploitable by any authenticated user on the local network)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network adjacency and authenticated access, but specific vectors are unspecified in public disclosures.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific fixed versions per model

Vendor Advisory: https://www.elecom.co.jp/news/security/20211130-01/

Restart Required: Yes

Instructions:

1. Access router web interface. 2. Navigate to firmware update section. 3. Download latest firmware from ELECOM website. 4. Upload and apply firmware update. 5. Reboot router after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate router management interface to dedicated VLAN or separate network segment

Access Control Restrictions

all

Restrict management interface access to specific trusted IP addresses only

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate router management traffic
  • Monitor for unauthorized access attempts to router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version against affected versions list in vendor advisory

Check Version:

Access router web interface and navigate to System Information or Status page

Verify Fix Applied:

Confirm firmware version is updated beyond vulnerable versions specified in advisory

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to management interface
  • Unexpected configuration changes

Network Indicators:

  • Unusual traffic patterns to router management ports
  • Multiple authentication attempts from single source

SIEM Query:

source_ip=router_management_interface AND (status_code=200 OR status_code=302) AND user_agent NOT IN (trusted_user_agents)

📊 Metadata

CVE ID: CVE-2021-20861
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: December 1, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON