CVE-2023-41086

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41086
Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU94497038/ Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html Vendor Advisory
https://jvn.jp/en/vu/JVNVU94497038/ Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:20

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory () https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory
References () https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory () https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory

04 Oct 2023, 17:08

Type Values Removed Values Added
First Time Furunosystems acera 850m
Furunosystems acera 1010
Furunosystems acera 1210 Firmware
Furunosystems acera 950 Firmware
Furunosystems acera 1110 Firmware
Furunosystems acera 800st Firmware
Furunosystems acera 900
Furunosystems acera 950
Furunosystems acera 1020 Firmware
Furunosystems acera 1150w Firmware
Furunosystems acera 810
Furunosystems acera 1210
Furunosystems acera 800st
Furunosystems acera 900 Firmware
Furunosystems acera 850m Firmware
Furunosystems acera 1110
Furunosystems acera 1020
Furunosystems acera 850f
Furunosystems acera 1010 Firmware
Furunosystems acera 850f Firmware
Furunosystems acera 1150i Firmware
Furunosystems
Furunosystems acera 810 Firmware
Furunosystems acera 1150i
Furunosystems acera 1150w
CWE CWE-352
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
References (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory

03 Oct 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-03 01:15

Updated : 2024-11-21 08:20

NVD link : CVE-2023-41086

Mitre link : CVE-2023-41086

CVE.ORG link : CVE-2023-41086

JSON object : View

Products Affected

furunosystems

  • acera_1010_firmware
  • acera_1110
  • acera_800st_firmware
  • acera_850f
  • acera_850m
  • acera_900
  • acera_950_firmware
  • acera_1150i
  • acera_1210
  • acera_950
  • acera_1150w_firmware
  • acera_1210_firmware
  • acera_800st
  • acera_1020
  • acera_810
  • acera_850m_firmware
  • acera_1110_firmware
  • acera_850f_firmware
  • acera_1010
  • acera_900_firmware
  • acera_1020_firmware
  • acera_810_firmware
  • acera_1150i_firmware
  • acera_1150w
CWE
CWE-352

Cross-Site Request Forgery (CSRF)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024