CVE-2022-21173

Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
elecomwrh-300bk3_firmware
𝑥
≤ 1.05
elecomwrh-300wh3_firmware
𝑥
≤ 1.05
elecomwrh-300bk3-s_firmware
𝑥
≤ 1.05
elecomwrh-300wh3-s_firmware
𝑥
≤ 1.05
elecomwrh-300lb3-s_firmware
𝑥
≤ 1.05
elecomwrh-300pn3-s_firmware
𝑥
≤ 1.05
elecomwrh-300yg3-s_firmware
𝑥
≤ 1.05
elecomwrh-300dr3-s_firmware
𝑥
≤ 1.05
𝑥
= Vulnerable software versions
References
https://jvn.jp/en/jp/JVN17482543/index.html
https://www.elecom.co.jp/news/security/20220208-02/
https://jvn.jp/en/jp/JVN17482543/index.html
https://www.elecom.co.jp/news/security/20220208-02/