All the vulnerabilites related to FURUNO SYSTEMS Co.,Ltd. - ACERA 1310 firmware
jvndb-2023-003767
Vulnerability from jvndb
Published
2023-10-03 14:26
Modified
2024-05-22 18:01
Severity ?
Summary
Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode
Details
Wireless LAN access point devices provided by FURUNO SYSTEMS Co.,Ltd., running in ST(Standalone) mode, contain multiple vulnerabilities listed below.
* OS Command Injection (CWE-78) - CVE-2023-39222
* Cross-site Scripting (CWE-79) - CVE-2023-39429
* Cross-Site Request Forgery (CWE-352) - CVE-2023-41086
* Authentication Bypass (CWE-288) - CVE-2023-42771
* Path traversal (CWE-22) - CVE-2023-43627
Katsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported OS Command Injection vulnerability (CVE-2023-39222) to JPCERT/CC.
JPCERT/CC coordinated with the developer.
As a result of the developer's investigation into this report, other vulnerabilities were newly discovered and addressed.
The developer reported these vulnerabilities to notify users of the solution through JVN. JPCERT/CC coordinated with the developer for the publication.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003767.html",
"dc:date": "2024-05-22T18:01+09:00",
"dcterms:issued": "2023-10-03T14:26+09:00",
"dcterms:modified": "2024-05-22T18:01+09:00",
"description": "Wireless LAN access point devices provided by FURUNO SYSTEMS Co.,Ltd., running in ST(Standalone) mode, contain multiple vulnerabilities listed below.\r\n\r\n* OS Command Injection (CWE-78) - CVE-2023-39222\r\n* Cross-site Scripting (CWE-79) - CVE-2023-39429\r\n* Cross-Site Request Forgery (CWE-352) - CVE-2023-41086\r\n* Authentication Bypass (CWE-288) - CVE-2023-42771\r\n* Path traversal (CWE-22) - CVE-2023-43627\r\n\r\nKatsuhiko Sato(a.k.a. goroh_kun) of 00One, Inc. reported OS Command Injection vulnerability (CVE-2023-39222) to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nAs a result of the developer\u0027s investigation into this report, other vulnerabilities were newly discovered and addressed.\r\nThe developer reported these vulnerabilities to notify users of the solution through JVN. JPCERT/CC coordinated with the developer for the publication.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003767.html",
"sec:cpe": [
{
"#text": "cpe:/o:furunosystems:acera_1010_firmware",
"@product": "ACERA 1010 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1020_firmware",
"@product": "ACERA 1020 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1110_firmware",
"@product": "ACERA 1110 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1150i_firmware",
"@product": "ACERA 1150i firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1150w_firmware",
"@product": "ACERA 1150w firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1210_firmware",
"@product": "ACERA 1210 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1310_firmware",
"@product": "ACERA 1310 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_1320_firmware",
"@product": "ACERA 1320 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_800st_firmware",
"@product": "ACERA 800ST firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_810_firmware",
"@product": "ACERA 810 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_850f_firmware",
"@product": "ACERA 850F firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_850m_firmware",
"@product": "ACERA 850M firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_900_firmware",
"@product": "ACERA 900 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:furunosystems:acera_950_firmware",
"@product": "ACERA 950 firmware",
"@vendor": "FURUNO SYSTEMS Co.,Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-003767",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU94497038/index.html",
"@id": "JVNVU#94497038",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39222",
"@id": "CVE-2023-39222",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-39429",
"@id": "CVE-2023-39429",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-41086",
"@id": "CVE-2023-41086",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-42771",
"@id": "CVE-2023-42771",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43627",
"@id": "CVE-2023-43627",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39222",
"@id": "CVE-2023-39222",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-39429",
"@id": "CVE-2023-39429",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-41086",
"@id": "CVE-2023-41086",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-42771",
"@id": "CVE-2023-42771",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43627",
"@id": "CVE-2023-43627",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/288.html",
"@id": "CWE-288",
"@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode"
}