All the vulnerabilites related to FUJISOFT INCORPORATED - +F FS020W
jvndb-2022-000084
Vulnerability from jvndb
Published
2022-10-28 15:12
Modified
2024-06-06 16:48
Severity ?
Summary
Multiple vulnerabilities in FUJI SOFT network devices
Details
USB dongle +F FS040U and mobile routers +F FS020W/+F FS030W/+F FS040W provided by FUJI SOFT INCORPORATED contain multiple vulnerabilities listed below.
<ul><li>Plaintext Storage of a Password (CWE-256) - CVE-2022-43442<li>Cross-Site Request Forgery (CWE-352) - CVE-2022-43470</ul>
Tomohisa Hasegawa of Canon IT Solutions Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN74285622/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-43442 | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2022-43470 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-43442 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-43470 | |
| Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000084.html",
"dc:date": "2024-06-06T16:48+09:00",
"dcterms:issued": "2022-10-28T15:12+09:00",
"dcterms:modified": "2024-06-06T16:48+09:00",
"description": "USB dongle +F FS040U and mobile routers +F FS020W/+F FS030W/+F FS040W provided by FUJI SOFT INCORPORATED contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003ePlaintext Storage of a Password (CWE-256) - CVE-2022-43442\u003cli\u003eCross-Site Request Forgery (CWE-352) - CVE-2022-43470\u003c/ul\u003e\r\nTomohisa Hasegawa of Canon IT Solutions Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000084.html",
"sec:cpe": [
{
"#text": "cpe:/o:fsi:fs020w_firmware",
"@product": "+F FS020W",
"@vendor": "FUJISOFT INCORPORATED",
"@version": "2.2"
},
{
"#text": "cpe:/o:fsi:fs030w_firmware",
"@product": "+F FS030W",
"@vendor": "FUJISOFT INCORPORATED",
"@version": "2.2"
},
{
"#text": "cpe:/o:fsi:fs040u_firmware",
"@product": "+F FS040U",
"@vendor": "FUJISOFT INCORPORATED",
"@version": "2.2"
},
{
"#text": "cpe:/o:fsi:fs040w_firmware",
"@product": "+F FS040W",
"@vendor": "FUJISOFT INCORPORATED",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.2",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:H/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2022-000084",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN74285622/index.html",
"@id": "JVN#74285622",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43442",
"@id": "CVE-2022-43442",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2022-43470",
"@id": "CVE-2022-43470",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43442",
"@id": "CVE-2022-43442",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43470",
"@id": "CVE-2022-43470",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple vulnerabilities in FUJI SOFT network devices"
}