Lucene search

JpcertCVE-2023-39429

HistoryOct 03, 2023 - 1:15 a.m.

CVE-2023-39429

2023-10-0301:15:56

CWE-79

jpcert

web.nvd.nist.gov

cve-2023-39429

cross-site scripting

vulnerability

furuno systems

wlan

access point

acera

firmware

st mode

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.

Affected configurations

Nvd

Vulners

Node

furunosystemsacera_1210_firmwareRange≤02.36

AND

furunosystemsacera_1210Match-

Node

furunosystemsacera_1150i_firmwareRange≤01.35

AND

furunosystemsacera_1150iMatch-

Node

furunosystemsacera_1150w_firmwareRange≤01.35

AND

furunosystemsacera_1150wMatch-

Node

furunosystemsacera_1110_firmwareRange≤01.76

AND

furunosystemsacera_1110Match-

Node

furunosystemsacera_1020_firmwareRange≤01.86

AND

furunosystemsacera_1020Match-

Node

furunosystemsacera_1010_firmwareRange≤01.86

AND

furunosystemsacera_1010Match-

Node

furunosystemsacera_950_firmwareRange≤01.60

AND

furunosystemsacera_950Match-

Node

furunosystemsacera_850f_firmwareRange≤01.60

AND

furunosystemsacera_850fMatch-

Node

furunosystemsacera_900_firmwareRange≤02.54

AND

furunosystemsacera_900Match-

Node

furunosystemsacera_850m_firmwareRange≤02.06

AND

furunosystemsacera_850mMatch-

Node

furunosystemsacera_810_firmwareRange≤03.74

AND

furunosystemsacera_810Match-

Node

furunosystemsacera_800st_firmwareRange≤07.35

AND

furunosystemsacera_800stMatch-

VendorProductVersionCPE
furunosystemsacera_1210_firmware*cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
furunosystemsacera_1210-cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*
furunosystemsacera_1150i_firmware*cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
furunosystemsacera_1150i-cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*
furunosystemsacera_1150w_firmware*cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
furunosystemsacera_1150w-cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*
furunosystemsacera_1110_firmware*cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
furunosystemsacera_1110-cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*
furunosystemsacera_1020_firmware*cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
furunosystemsacera_1020-cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
furunosystems	acera_1210_firmware	*	cpe:2.3:o:furunosystems:acera_1210_firmware::::::::
furunosystems	acera_1210	-	cpe:2.3:h:furunosystems:acera_1210:-:::::::*
furunosystems	acera_1150i_firmware	*	cpe:2.3:o:furunosystems:acera_1150i_firmware::::::::
furunosystems	acera_1150i	-	cpe:2.3:h:furunosystems:acera_1150i:-:::::::*
furunosystems	acera_1150w_firmware	*	cpe:2.3:o:furunosystems:acera_1150w_firmware::::::::
furunosystems	acera_1150w	-	cpe:2.3:h:furunosystems:acera_1150w:-:::::::*
furunosystems	acera_1110_firmware	*	cpe:2.3:o:furunosystems:acera_1110_firmware::::::::
furunosystems	acera_1110	-	cpe:2.3:h:furunosystems:acera_1110:-:::::::*
furunosystems	acera_1020_firmware	*	cpe:2.3:o:furunosystems:acera_1020_firmware::::::::
furunosystems	acera_1020	-	cpe:2.3:h:furunosystems:acera_1020:-:::::::*

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 1210",
    "versions": [
      {
        "version": "firmware ver.02.36 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 1150i",
    "versions": [
      {
        "version": "firmware ver.01.35 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 1150w",
    "versions": [
      {
        "version": "firmware ver.01.35 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 1110",
    "versions": [
      {
        "version": "firmware ver.01.76 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 1020",
    "versions": [
      {
        "version": "firmware ver.01.86 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 1010",
    "versions": [
      {
        "version": "firmware ver.01.86 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 950",
    "versions": [
      {
        "version": "firmware ver.01.60 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 850F",
    "versions": [
      {
        "version": "firmware ver.01.60 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 900",
    "versions": [
      {
        "version": "firmware ver.02.54 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 850M",
    "versions": [
      {
        "version": "firmware ver.02.06 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 810",
    "versions": [
      {
        "version": "firmware ver.03.74 and earlier",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "FURUNO SYSTEMS Co.,Ltd.",
    "product": "ACERA 800ST",
    "versions": [
      {
        "version": "firmware ver.07.35 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU94497038/

www.furunosystems.co.jp/news/info/vulner20231002.html

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Related for CVE-2023-39429