CVE-2023-39429

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*

History

04 Oct 2023, 17:08

Type Values Removed Values Added
CWE CWE-79
References (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CPE cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
First Time Furunosystems acera 850m
Furunosystems acera 1010
Furunosystems acera 1210 Firmware
Furunosystems acera 950 Firmware
Furunosystems acera 1110 Firmware
Furunosystems acera 800st Firmware
Furunosystems acera 900
Furunosystems acera 950
Furunosystems acera 1020 Firmware
Furunosystems acera 1150w Firmware
Furunosystems acera 810
Furunosystems acera 1210
Furunosystems acera 800st
Furunosystems acera 900 Firmware
Furunosystems acera 850m Firmware
Furunosystems acera 1110
Furunosystems acera 1020
Furunosystems acera 850f
Furunosystems acera 1010 Firmware
Furunosystems acera 850f Firmware
Furunosystems acera 1150i Firmware
Furunosystems
Furunosystems acera 810 Firmware
Furunosystems acera 1150i
Furunosystems acera 1150w

03 Oct 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-03 01:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-39429

Mitre link : CVE-2023-39429

CVE.ORG link : CVE-2023-39429


JSON object : View

Products Affected

furunosystems

  • acera_1150i_firmware
  • acera_850f_firmware
  • acera_1010_firmware
  • acera_950_firmware
  • acera_900
  • acera_850m_firmware
  • acera_900_firmware
  • acera_1150w_firmware
  • acera_810
  • acera_1020_firmware
  • acera_1110
  • acera_950
  • acera_850m
  • acera_800st_firmware
  • acera_1110_firmware
  • acera_1210_firmware
  • acera_1210
  • acera_1150w
  • acera_1150i
  • acera_1010
  • acera_810_firmware
  • acera_850f
  • acera_1020
  • acera_800st
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')