Vulnerability with ELECOM routers.Recommendation to discontinue use to end support

　Multiple vulnerabilities have been reported to network -related products of ELECOM Corporation and Logitec Co., Ltd.

　ELECOM's target products include the wireless router "WRC-1467GHBK-A", "WRC-300FEBK", "WRC-300FEBK-A", "WRC-300FEBK-S", "WRC-F300NF", network camera "NCC-EWF100RMWH2", Print server "LD-PS/U1", Android application "ELECOM FILE Manager".

　Logitech's target products are the wireless router "LAN-WH450N/Grb", "LAN-W300N/PGRB", and "LAN-W300N/RS".

　The vulnerabilities reported in ELECOM products are as follows.

　Specific contents that may affect the product by abusing the vulnerabilities above are "Change management password", "execution of any script", "execution of any OS command"., "Create and overwrite files".

　The vulnerabilities reported in logitech products are as follows.

　The content that may be affected by the above includes "PIN is deciphered and accessed to the network", "equipment settings are changed", "DOS attack", "any OS command is executed. "Such.

　In this case, ELECOM has been showing how to deal with each product, including logitech products, in a press release on the 26th.For vulnerabilities that may be attacked via a web browser, "do not access other sites at the time of setting operation", "Ends the browser when setting operation is completed", "Delete a password stored in the browser".In addition to listing measures to reduce and avoid, etc., we also recommended that UPNP disabled.For the ELECOM app, the successor application "Elecom Extorage Link" is used.

　However, all products reported the vulnerability this time are not eligible for the update service, and the fundamental solution cannot be expected, so the users of the product will be forced to replace it.