VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 1, 2021· Updated Aug 3, 2024

CVE-2021-20855

CVE-2021-20855

Description

Cross-site scripting vulnerability in ELECOM LAN routers WRH-733GBK and WRH-733GWH allows remote authenticated attackers to inject arbitrary scripts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in ELECOM LAN routers WRH-733GBK and WRH-733GWH allows remote authenticated attackers to inject arbitrary scripts.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in the web interface of ELECOM LAN routers WRH-733GBK and WRH-733GWH running firmware versions v1.02.9 and earlier [1]. The vulnerability allows an authenticated attacker to inject arbitrary script via unspecified vectors [1].

Exploitation

An attacker must have valid credentials to the router's administrative web interface. The exact input fields or parameters that are vulnerable are not disclosed in the available references [1]. Once authenticated, the attacker can inject a malicious script that will be executed in the context of the victim's browser when the page is viewed [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the browser of any user who accesses the affected router's web interface. This can lead to information disclosure, session hijacking, or other client-side attacks [1].

Mitigation

The available references do not specify a fixed firmware version or workaround for this vulnerability [1]. Users should monitor the vendor's support page for updates and consider restricting access to the router's management interface to trusted networks only.

References
  1. Multiple vulnerabilities in multiple ELECOM LAN routers

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • ELECOM CO.,LTD./WRH-733GBKllm-fuzzy
    Range: <= v1.02.9
  • ELECOM CO.,LTD./ELECOM LAN routersv5
    Range: WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.