CVE-2022-25915

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-25915
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 6.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://jvn.jp/en/jp/JVN88993473/ Third Party Advisory
https://www.elecom.co.jp/news/security/20211130-01/ Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gst2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gst2a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gst2a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gst2h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gst2h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gs2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gs2-w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:elecom:wrc-1750gs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1750gs:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:elecom:wrc-1750gsv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1750gsv:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:elecom:wrc-1900gst_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1900gst:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst2:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gsta_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gsta:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst2sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst2sp:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:elecom:wrc-2533gst2-g_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-2533gst2-g:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:elecom:edwrc-2533gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:edwrc-2533gst2:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gs2-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gs2-b:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:elecom:wrc-1167gs2h-b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1167gs2h-b:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:elecom:wmc-dlgst2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wmc-dlgst2-w:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:elecom:wmc-m1267gst2-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wmc-m1267gst2-w:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:elecom:wmc-2hc-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wmc-2hc-w:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:elecom:wmc-c2533gst-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wmc-c2533gst-w:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:elecom:wrc-1900gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1900gst2:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:elecom:wrc-1900gst2sp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1900gst2sp:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:elecom:wrc-1750gst2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:elecom:wrc-1750gst2:-:*:*:*:*:*:*:*
Information

Published : 2022-03-31 02:15

Updated : 2022-04-07 23:30

NVD link : CVE-2022-25915

Mitre link : CVE-2022-25915

JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa
Products Affected

elecom

  • wrc-1167gst2a_firmware
  • wrc-1167gst2h
  • wrc-1750gst2_firmware
  • wrc-2533gs2-b
  • wmc-m1267gst2-w_firmware
  • wrc-1900gst2sp
  • wmc-c2533gst-w_firmware
  • wrc-1167gs2-b_firmware
  • wrc-2533gst2sp
  • wrc-2533gs2-w
  • wrc-1167gs2h-b
  • wrc-1900gst2_firmware
  • wrc-1900gst
  • wrc-2533gst_firmware
  • wrc-1750gsv_firmware
  • wrc-1750gsv
  • wrc-1750gst2
  • wmc-2hc-w_firmware
  • wrc-1900gst_firmware
  • wrc-1167gst2
  • wmc-dlgst2-w_firmware
  • wrc-2533gst2-g_firmware
  • wrc-1167gs2h-b_firmware
  • wrc-2533gst2
  • wrc-1900gst2sp_firmware
  • wrc-2533gst2sp_firmware
  • wmc-m1267gst2-w
  • wrc-1167gst2_firmware
  • wrc-1900gst2
  • wrc-1750gs_firmware
  • wrc-2533gst
  • wrc-1167gst2a
  • wmc-c2533gst-w
  • wmc-dlgst2-w
  • wrc-2533gsta
  • edwrc-2533gst2
  • wrc-2533gsta_firmware
  • wrc-2533gst2-g
  • wrc-1167gst2h_firmware
  • edwrc-2533gst2_firmware
  • wrc-2533gs2-b_firmware
  • wmc-2hc-w
  • wrc-2533gs2-w_firmware
  • wrc-1167gs2-b
  • wrc-2533gst2_firmware
  • wrc-1750gs