Vulnerability found in ELECOM routers including WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA

ELECOM Co. , Ltd. has notified that some wireless LAN routers have security vulnerabilities. There was no plan to take measures, so we stopped using it and urged to switch to the current product.

WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA released in November / December 2017 have an OS command injection vulnerability. An attacker who has access to a web administration page could execute arbitrary OS commands.

The above two products do not provide updates, but change the login password on the setting screen, do not access other websites while logging in, close the web browser after completing the setting, password for the setting screen saved in the web browser Can be mitigated / avoided by deleting.

On the other hand, for the following products, there is a risk that arbitrary commands can be executed due to improper authentication. This is calling for the discontinuation of the product.

WRC-300FEBK
WRC-F300NF
WRC-733FEBK
WRH-300RD
WRH-300BK
WRH-300SV
WRH-300WH
WRH-300BK-S
WRH-300WH-S
WRH-H300WH
WRH-H300BK