CVE-2023-41086

Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/vu/JVNVU94497038/	Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*

History

04 Oct 2023, 17:08

Type	Values Removed	Values Added
First Time		Furunosystems acera 850m Furunosystems acera 1010 Furunosystems acera 1210 Firmware Furunosystems acera 950 Firmware Furunosystems acera 1110 Firmware Furunosystems acera 800st Firmware Furunosystems acera 900 Furunosystems acera 950 Furunosystems acera 1020 Firmware Furunosystems acera 1150w Firmware Furunosystems acera 810 Furunosystems acera 1210 Furunosystems acera 800st Furunosystems acera 900 Firmware Furunosystems acera 850m Firmware Furunosystems acera 1110 Furunosystems acera 1020 Furunosystems acera 850f Furunosystems acera 1010 Firmware Furunosystems acera 850f Firmware Furunosystems acera 1150i Firmware Furunosystems Furunosystems acera 810 Firmware Furunosystems acera 1150i Furunosystems acera 1150w
CWE		CWE-352
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:h:furunosystems:acera_800st:-:::::::* cpe:2.3:o:furunosystems:acera_850m_firmware:::::::: cpe:2.3:h:furunosystems:acera_810:-:::::::* cpe:2.3:o:furunosystems:acera_1020_firmware:::::::: cpe:2.3:o:furunosystems:acera_1150w_firmware:::::::: cpe:2.3:h:furunosystems:acera_950:-:::::::* cpe:2.3:h:furunosystems:acera_1150w:-:::::::* cpe:2.3:o:furunosystems:acera_1110_firmware:::::::: cpe:2.3:h:furunosystems:acera_1210:-:::::::* cpe:2.3:h:furunosystems:acera_1010:-:::::::* cpe:2.3:h:furunosystems:acera_850m:-:::::::* cpe:2.3:h:furunosystems:acera_850f:-:::::::* cpe:2.3:h:furunosystems:acera_900:-:::::::* cpe:2.3:h:furunosystems:acera_1020:-:::::::* cpe:2.3:o:furunosystems:acera_810_firmware:::::::: cpe:2.3:o:furunosystems:acera_900_firmware:::::::: cpe:2.3:o:furunosystems:acera_950_firmware:::::::: cpe:2.3:o:furunosystems:acera_800st_firmware:::::::: cpe:2.3:o:furunosystems:acera_1010_firmware:::::::: cpe:2.3:h:furunosystems:acera_1150i:-:::::::* cpe:2.3:h:furunosystems:acera_1110:-:::::::* cpe:2.3:o:furunosystems:acera_850f_firmware:::::::: cpe:2.3:o:furunosystems:acera_1150i_firmware:::::::: cpe:2.3:o:furunosystems:acera_1210_firmware::::::::
References	~~(MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html -~~	(MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory
References	~~(MISC) https://jvn.jp/en/vu/JVNVU94497038/ -~~	(MISC) https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory

03 Oct 2023, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-03 01:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-41086

Mitre link : CVE-2023-41086

CVE.ORG link : CVE-2023-41086

JSON object : View

Products Affected

furunosystems

acera_1150i_firmware
acera_850f_firmware
acera_1010_firmware
acera_950_firmware
acera_900
acera_850m_firmware
acera_900_firmware
acera_1150w_firmware
acera_810
acera_1020_firmware
acera_1110
acera_950
acera_850m
acera_800st_firmware
acera_1110_firmware
acera_1210_firmware
acera_1210
acera_1150w
acera_1150i
acera_1010
acera_810_firmware
acera_850f
acera_1020
acera_800st

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

8.8 /10