jvndb-2024-003051
Vulnerability from jvndb
Published
2024-04-02 18:03
Modified
2024-04-02 18:03
Severity ?
8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password
Details
In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled. The products are affected only when running in non MS mode with the initial configuration. FURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.
References
JVN https://jvn.jp/en/vu/JVNVU99285099/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2024-28744
Empty Password in Configuration File(CWE-258) https://cwe.mitre.org/data/definitions/258.html
Impacted products
FURUNO SYSTEMS Co.,Ltd.ACERA 9010-08
FURUNO SYSTEMS Co.,Ltd.ACERA 9010-24
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
  "dc:date": "2024-04-02T18:03+09:00",
  "dcterms:issued": "2024-04-02T18:03+09:00",
  "dcterms:modified": "2024-04-02T18:03+09:00",
  "description": "In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled.\r\n\r\nThe products are affected only when running in non MS mode with the initial configuration.\r\n\r\nFURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-08",
      "@product": "ACERA 9010-08",
      "@vendor": "FURUNO SYSTEMS Co.,Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-24",
      "@product": "ACERA 9010-24",
      "@vendor": "FURUNO SYSTEMS Co.,Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003051",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU99285099/index.html",
      "@id": "JVNVU#99285099",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28744",
      "@id": "CVE-2024-28744",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/258.html",
      "@id": "CWE-258",
      "@title": "Empty Password in Configuration File(CWE-258)"
    }
  ],
  "title": "FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.