PT-2021-14305 · Elecom · Elecom Wrc-2533Gst2+7

Chuya Hayakawa +2 · Published 2021-12-01 · Updated 2021-12-02 · CVE-2021-20862

CVSS v3.1: 4.3 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
ELECOM WRC-1167GST2 firmware versions 1.25 and prior
ELECOM WRC-1167GST2A firmware versions 1.25 and prior
ELECOM WRC-1167GST2H firmware versions 1.25 and prior
ELECOM WRC-2533GS2-B firmware versions 1.52 and prior
ELECOM WRC-2533GS2-W firmware versions 1.52 and prior
ELECOM WRC-1750GS firmware versions 1.03 and prior
ELECOM WRC-1750GSV firmware versions 2.11 and prior
ELECOM WRC-1900GST firmware versions 1.03 and prior
ELECOM WRC-2533GST firmware versions 1.03 and prior
ELECOM WRC-2533GSTA firmware versions 1.03 and prior
ELECOM WRC-2533GST2 firmware versions 1.25 and prior
ELECOM WRC-2533GST2SP firmware versions 1.25 and prior
ELECOM WRC-2533GST2-G firmware versions 1.25 and prior
ELECOM EDWRC-2533GST2 firmware versions 1.25 and prior

Description: The issue is related to improper access control in ELECOM routers, allowing a network-adjacent unauthenticated attacker to bypass access restrictions. This enables the attacker to obtain anti-CSRF tokens and change the product's settings via unspecified vectors.

Recommendations:
For ELECOM WRC-1167GST2 firmware versions 1.25 and prior, update to a version later than 1.25.
For ELECOM WRC-1167GST2A firmware versions 1.25 and prior, update to a version later than 1.25.
For ELECOM WRC-1167GST2H firmware versions 1.25 and prior, update to a version later than 1.25.
For ELECOM WRC-2533GS2-B firmware versions 1.52 and prior, update to a version later than 1.52.
For ELECOM WRC-2533GS2-W firmware versions 1.52 and prior, update to a version later than 1.52.
For ELECOM WRC-1750GS firmware versions 1.03 and prior, update to a version later than 1.03.
For ELECOM WRC-1750GSV firmware versions 2.11 and prior, update to a version later than 2.11.
For ELECOM WRC-1900GST firmware versions 1.03 and prior, update to a version later than 1.03.
For ELECOM WRC-2533GST firmware versions 1.03 and prior, update to a version later than 1.03.
For ELECOM WRC-2533GSTA firmware versions 1.03 and prior, update to a version later than 1.03.
For ELECOM WRC-2533GST2 firmware versions 1.25 and prior, update to a version later than 1.25.
For ELECOM WRC-2533GST2SP firmware versions 1.25 and prior, update to a version later than 1.25.
For ELECOM WRC-2533GST2-G firmware versions 1.25 and prior, update to a version later than 1.25.
For ELECOM EDWRC-2533GST2 firmware versions 1.25 and prior, update to a version later than 1.25.

Fix

Related Identifiers

CVE-2021-20862

Affected Products

Elecom Edwrc-2533Gst2
Elecom Wrc-1167Gst2
Elecom Wrc-1750Gs
Elecom Wrc-1900Gst
Elecom Wrc-2533Gs2-B
Elecom Wrc-2533Gs2-W
Elecom Wrc-2533Gst
Elecom Wrc-2533Gst2