CVE-2020-5634

Published Oct 6, 2020

Last updated 4 years ago

CVSS high 8.8

Overview

Description: ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "85BF0A23-43C9-4497-BDDF-9366642503ED"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE64129-08D1-44B4-ACEE-2A6430AD57F3",
            "versionEndExcluding": "1.14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:elecom:wrc-1900gst2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "44AEB29B-9370-4C4A-8CEF-A1127FB48682"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:elecom:wrc-1900gst2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F9BF39B-5EF4-49B3-8C4D-52065361A653",
            "versionEndExcluding": "1.14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:elecom:wrc-1750gst2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BD054832-3D35-40BF-B9DB-D0AC6C8AB000"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:elecom:wrc-1750gst2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07BB2AC6-C2ED-4EBD-BE4B-CB7528DDCA3F",
            "versionEndExcluding": "1.14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9045F74-985E-4C3C-AC10-14FD9B61A746"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F07994E-A952-40E2-8C78-AA5FD1794E5F",
            "versionEndExcluding": "1.10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References