ByteOS Network

NVD Vulnerability Details :

CVE-2021-20649

Analyzed

Source-vultures@jpcert.or.jp

Published At-12 Feb, 2021 | 07:15

Updated At-15 Feb, 2021 | 01:26

ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

Elecom Co., Ltd.

>>wrc-300febk-s_firmware>>-

cpe:2.3:o:elecom:wrc-300febk-s_firmware:-:*:*:*:*:*:*:*

Elecom Co., Ltd.

>>wrc-300febk-s>>-

cpe:2.3:h:elecom:wrc-300febk-s:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://jvn.jp/en/jp/JVN47580234/index.html	vultures@jpcert.or.jp	Third Party Advisory
https://www.elecom.co.jp/news/security/20210126-01/	vultures@jpcert.or.jp	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History