CVE-2023-39222

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*

History

04 Oct 2023, 17:09

Type Values Removed Values Added
CWE CWE-78
First Time Furunosystems acera 850m
Furunosystems acera 1010
Furunosystems acera 1210 Firmware
Furunosystems acera 1310
Furunosystems acera 950 Firmware
Furunosystems acera 1110 Firmware
Furunosystems acera 800st Firmware
Furunosystems acera 900
Furunosystems acera 950
Furunosystems acera 1020 Firmware
Furunosystems acera 1320 Firmware
Furunosystems acera 1310 Firmware
Furunosystems acera 1150w Firmware
Furunosystems acera 810
Furunosystems acera 1210
Furunosystems acera 1320
Furunosystems acera 800st
Furunosystems acera 900 Firmware
Furunosystems acera 850m Firmware
Furunosystems acera 1110
Furunosystems acera 1020
Furunosystems acera 850f
Furunosystems acera 1010 Firmware
Furunosystems acera 850f Firmware
Furunosystems acera 1150i Firmware
Furunosystems
Furunosystems acera 810 Firmware
Furunosystems acera 1150i
Furunosystems acera 1150w
CPE cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory

03 Oct 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-03 01:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-39222

Mitre link : CVE-2023-39222

CVE.ORG link : CVE-2023-39222


JSON object : View

Products Affected

furunosystems

  • acera_1150i_firmware
  • acera_850f_firmware
  • acera_1010_firmware
  • acera_950_firmware
  • acera_900
  • acera_1320
  • acera_850m_firmware
  • acera_1150w_firmware
  • acera_900_firmware
  • acera_810
  • acera_1020_firmware
  • acera_1110
  • acera_950
  • acera_850m
  • acera_800st_firmware
  • acera_1310_firmware
  • acera_1110_firmware
  • acera_1320_firmware
  • acera_1210_firmware
  • acera_1210
  • acera_1150w
  • acera_1150i
  • acera_1010
  • acera_1310
  • acera_810_firmware
  • acera_850f
  • acera_1020
  • acera_800st
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')