CVE-2022-25915

Name of the Vulnerable Software and Affected Versions ELECOM LAN routers versions prior to v1.25 (for WRC-1167GST2, WRC-1167GST2A, WRC-1167GST2H, WRC-2533GST2, WRC-2533GST2SP, WRC-2533GST2-G, and EDWRC-2533GST2) ELECOM LAN routers versions prior to v1.52 (for WRC-2533GS2-B and WRC-2533GS2-W) ELECOM LAN routers versions prior to v1.03 (for WRC-1750GS, WRC-1900GST, WRC-2533GST, and WRC-2533GSTA) ELECOM LAN routers versions prior to v2.11 (for WRC-1750GSV)

Description The issue is related to improper access control in ELECOM LAN routers, allowing a network-adjacent authenticated attacker to bypass access restrictions and access the management screen of the product via unspecified vectors.

Recommendations For versions prior to v1.25 (WRC-1167GST2, WRC-1167GST2A, WRC-1167GST2H, WRC-2533GST2, WRC-2533GST2SP, WRC-2533GST2-G, and EDWRC-2533GST2), update to a version later than v1.25. For versions prior to v1.52 (WRC-2533GS2-B and WRC-2533GS2-W), update to a version later than v1.52. For versions prior to v1.03 (WRC-1750GS, WRC-1900GST, WRC-2533GST, and WRC-2533GSTA), update to a version later than v1.03. For versions prior to v2.11 (WRC-1750GSV), update to a version later than v2.11. At the moment, there is no information about a newer version that contains a fix for this vulnerability.