CVE-2021-20739 - Vulnerability Details

Vendors	Products
Elecom	Wrc-300febk Wrc-300febk Firmware Wrc-733febk Wrc-733febk Firmware Wrc-f300nf Wrc-f300nf Firmware Wrh-300bk Wrh-300bk-s Wrh-300bk-s Firmware Wrh-300bk Firmware Wrh-300rd Wrh-300rd Firmware Wrh-300sv Wrh-300sv Firmware Wrh-300wh Wrh-300wh-s Wrh-300wh-s Firmware Wrh-300wh Firmware Wrh-h300bk Wrh-h300bk Firmware Wrh-h300wh Wrh-h300wh Firmware

Link	Providers
https://jvn.jp/en/vu/JVNVU94260088/index.html
https://www.elecom.co.jp/news/security/20210706-01/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S", "vendor": "ELECOM CO.,LTD.", "versions": [{"status": "affected", "version": "all versions"}]}], "descriptions": [{"lang": "en", "value": "WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "OS Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-07T07:05:26", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.elecom.co.jp/news/security/20210706-01/"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/vu/JVNVU94260088/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S", "version": {"version_data": [{"version_value": "all versions"}]}}]}, "vendor_name": "ELECOM CO.,LTD."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "OS Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://www.elecom.co.jp/news/security/20210706-01/", "refsource": "MISC", "url": "https://www.elecom.co.jp/news/security/20210706-01/"}, {"name": "https://jvn.jp/en/vu/JVNVU94260088/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU94260088/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:53:21.835Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.elecom.co.jp/news/security/20210706-01/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/vu/JVNVU94260088/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20739", "datePublished": "2021-07-07T07:05:26", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:53:21.835Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S (string)

vendor : ELECOM CO.,LTD. (string)

versions : [ »

0 : { »

status : affected (string)

version : all versions (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : OS Command Injection (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-07-07T07:05:26 (string)

orgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

shortName : jpcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.elecom.co.jp/news/security/20210706-01/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://jvn.jp/en/vu/JVNVU94260088/index.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vultures@jpcert.or.jp (string)

ID : CVE-2021-20739 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S (string)

version : { »

version_data : [ »

0 : { »

version_value : all versions (string)

}

]

}

]

}

vendor_name : ELECOM CO.,LTD. (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : OS Command Injection (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.elecom.co.jp/news/security/20210706-01/ (string)

refsource : MISC (string)

url : https://www.elecom.co.jp/news/security/20210706-01/ (string)

}

1 : { »

name : https://jvn.jp/en/vu/JVNVU94260088/index.html (string)

refsource : MISC (string)

url : https://jvn.jp/en/vu/JVNVU94260088/index.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T17:53:21.835Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.elecom.co.jp/news/security/20210706-01/ (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://jvn.jp/en/vu/JVNVU94260088/index.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

assignerShortName : jpcert (string)

cveId : CVE-2021-20739 (string)

datePublished : 2021-07-07T07:05:26 (string)

dateReserved : 2020-12-17T00:00:00 (string)

dateUpdated : 2024-08-03T17:53:21.835Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-300febk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "634C6410-3AC8-4770-8D3F-AF12B39BCEB4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-300febk:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AD07548-B957-4275-BE59-F40940E078A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-f300nf_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE6FA33-6CC9-4AFC-B6EC-8BEE7BE7BAE7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-f300nf:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF251645-9505-49CC-BA4D-1CA454D639D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrc-733febk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCFD89BC-4736-4BEA-A1E5-42305D9E1B88", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrc-733febk:-:*:*:*:*:*:*:*", "matchCriteriaId": "2152FA45-F61F-4347-B9B3-992C994D1B64", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-300rd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1AA5CB5-25F3-4995-9254-8E0214B2DD4A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-300rd:-:*:*:*:*:*:*:*", "matchCriteriaId": "5398598E-4579-44DF-95FB-EBB2871A248E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-300bk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C184A52-C8E1-4604-9204-575282410CA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-300bk:-:*:*:*:*:*:*:*", "matchCriteriaId": "89ED96E9-D73D-42E7-A86F-7A73E00D2B86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-300sv_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E69313-490A-4263-B01E-81E31C9AC805", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-300sv:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D4159F7-1DF3-4827-9784-E338CC3E7D93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-300wh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7288F3AF-F903-4AD5-8680-EFCD23ACC333", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-300wh:-:*:*:*:*:*:*:*", "matchCriteriaId": "E458D9A1-C2AF-4A8F-AC52-8A9D25C303ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-h300wh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D857DD7-F3D3-4874-A9C5-3F8161381C1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-h300wh:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8C25CFC-393E-4487-965F-8F922723346F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-h300bk_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1941F445-18F2-42E7-BF96-26B82FDC05BA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-h300bk:-:*:*:*:*:*:*:*", "matchCriteriaId": "99341BF6-FD30-421A-9E9C-32C99B6F75AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-300bk-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C727AFD4-B712-4E7F-9AF6-7F5FC5CBC255", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-300bk-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "85EB981B-03EA-49B3-99EA-A8389F795C63", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:elecom:wrh-300wh-s_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A866C31-CA0D-4A25-B19B-70F2F8A7A91E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:elecom:wrh-300wh-s:-:*:*:*:*:*:*:*", "matchCriteriaId": "887859FA-3FA7-40E4-BE7B-977C66CF4E37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors."}, {"lang": "es", "value": "WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S y WRH-300WH-S, todas las versiones, permiten a un atacante no autenticado adyacente a la red ejecutar un comando arbitrario del sistema operativo por medio de vectores no especificados"}], "id": "CVE-2021-20739", "lastModified": "2024-11-21T05:47:06.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-07T08:15:07.813", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94260088/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20210706-01/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/vu/JVNVU94260088/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.elecom.co.jp/news/security/20210706-01/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrc-300febk_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 634C6410-3AC8-4770-8D3F-AF12B39BCEB4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrc-300febk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8AD07548-B957-4275-BE59-F40940E078A7 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrc-f300nf_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BE6FA33-6CC9-4AFC-B6EC-8BEE7BE7BAE7 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrc-f300nf:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DF251645-9505-49CC-BA4D-1CA454D639D1 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrc-733febk_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CCFD89BC-4736-4BEA-A1E5-42305D9E1B88 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrc-733febk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2152FA45-F61F-4347-B9B3-992C994D1B64 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-300rd_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D1AA5CB5-25F3-4995-9254-8E0214B2DD4A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-300rd:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5398598E-4579-44DF-95FB-EBB2871A248E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-300bk_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5C184A52-C8E1-4604-9204-575282410CA1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-300bk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 89ED96E9-D73D-42E7-A86F-7A73E00D2B86 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-300sv_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B6E69313-490A-4263-B01E-81E31C9AC805 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-300sv:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D4159F7-1DF3-4827-9784-E338CC3E7D93 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-300wh_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7288F3AF-F903-4AD5-8680-EFCD23ACC333 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-300wh:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E458D9A1-C2AF-4A8F-AC52-8A9D25C303ED (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-h300wh_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1D857DD7-F3D3-4874-A9C5-3F8161381C1E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-h300wh:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A8C25CFC-393E-4487-965F-8F922723346F (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-h300bk_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1941F445-18F2-42E7-BF96-26B82FDC05BA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-h300bk:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 99341BF6-FD30-421A-9E9C-32C99B6F75AD (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

9 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-300bk-s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C727AFD4-B712-4E7F-9AF6-7F5FC5CBC255 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-300bk-s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 85EB981B-03EA-49B3-99EA-A8389F795C63 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

10 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:elecom:wrh-300wh-s_firmware:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A866C31-CA0D-4A25-B19B-70F2F8A7A91E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:elecom:wrh-300wh-s:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 887859FA-3FA7-40E4-BE7B-977C66CF4E37 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S y WRH-300WH-S, todas las versiones, permiten a un atacante no autenticado adyacente a la red ejecutar un comando arbitrario del sistema operativo por medio de vectores no especificados (string)

}

]

id : CVE-2021-20739 (string)

lastModified : 2024-11-21T05:47:06.530 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : ADJACENT_NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:A/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 6.5 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-07-07T08:15:07.813 (string)

references : [ »

0 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/vu/JVNVU94260088/index.html (string)

}

1 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.elecom.co.jp/news/security/20210706-01/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/vu/JVNVU94260088/index.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.elecom.co.jp/news/security/20210706-01/ (string)

}

]

sourceIdentifier : vultures@jpcert.or.jp (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-78 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object