CVE-2021-20649

Summary

ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device.

Affected Software

VendorProductVersion RangeStatus
ELECOM CO.,LTD.WRC-300FEBK-SWRC-300FEBK-Saffected

Weaknesses

  • Improper certificate validation

ADP Enrichment

CVE Program Container

Additional References

References