CVE-2023-41086

Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:20

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory () https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory
References () https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory () https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory

04 Oct 2023, 17:08

Type Values Removed Values Added
First Time Furunosystems acera 850m
Furunosystems acera 1010
Furunosystems acera 1210 Firmware
Furunosystems acera 950 Firmware
Furunosystems acera 1110 Firmware
Furunosystems acera 800st Firmware
Furunosystems acera 900
Furunosystems acera 950
Furunosystems acera 1020 Firmware
Furunosystems acera 1150w Firmware
Furunosystems acera 810
Furunosystems acera 1210
Furunosystems acera 800st
Furunosystems acera 900 Firmware
Furunosystems acera 850m Firmware
Furunosystems acera 1110
Furunosystems acera 1020
Furunosystems acera 850f
Furunosystems acera 1010 Firmware
Furunosystems acera 850f Firmware
Furunosystems acera 1150i Firmware
Furunosystems
Furunosystems acera 810 Firmware
Furunosystems acera 1150i
Furunosystems acera 1150w
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
References (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory

03 Oct 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-03 01:15

Updated : 2024-11-21 08:20


NVD link : CVE-2023-41086

Mitre link : CVE-2023-41086

CVE.ORG link : CVE-2023-41086


JSON object : View

Products Affected

furunosystems

  • acera_1010_firmware
  • acera_1110
  • acera_800st_firmware
  • acera_850f
  • acera_850m
  • acera_900
  • acera_950_firmware
  • acera_1150i
  • acera_1210
  • acera_950
  • acera_1150w_firmware
  • acera_1210_firmware
  • acera_800st
  • acera_1020
  • acera_810
  • acera_850m_firmware
  • acera_1110_firmware
  • acera_850f_firmware
  • acera_1010
  • acera_900_firmware
  • acera_1020_firmware
  • acera_810_firmware
  • acera_1150i_firmware
  • acera_1150w
CWE
CWE-352

Cross-Site Request Forgery (CSRF)