8.8
CVE-2022-21173
- EPSS 0.44%
- Veröffentlicht 08.02.2022 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:44:02
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginHidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elecom ≫ Wrh-300bk3 Firmware Version <= 1.05
Elecom ≫ Wrh-300wh3 Firmware Version <= 1.05
Elecom ≫ Wrh-300bk3-s Firmware Version <= 1.05
Elecom ≫ Wrh-300wh3-s Firmware Version <= 1.05
Elecom ≫ Wrh-300lb3-s Firmware Version <= 1.05
Elecom ≫ Wrh-300pn3-s Firmware Version <= 1.05
Elecom ≫ Wrh-300yg3-s Firmware Version <= 1.05
Elecom ≫ Wrh-300dr3-s Firmware Version <= 1.05
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.349 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
https://jvn.jp/en/jp/JVN17482543/index.html
https://www.elecom.co.jp/news/security/20220208-02/