JVNDB-2023-003767

Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST (Standalone) mode

Overview

Wireless LAN access point devices provided by FURUNO SYSTEMS Co.,Ltd. contain the multiple vulnerabilities listed below when running in ST (Standalone) mode.

* OS Command Injection (CWE-78) - CVE-2023-39222
* Cross-site Scripting (CWE-79) - CVE-2023-39429
* Cross-Site Request Forgery (CWE-352) - CVE-2023-41086
* Authentication Bypass (CWE-288) - CVE-2023-42771
* Path Traversal (CWE-22) - CVE-2023-43627

Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported the OS command injection vulnerability (CVE-2023-39222) to JPCERT/CC.
JPCERT/CC coordinated with the developer.

The developer's investigation of that report uncovered the other vulnerabilities, which were addressed together with it.
The developer reported these vulnerabilities to JVN so that users could be notified of the solution, and JPCERT/CC coordinated the publication with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics: 8.3 (High)
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: Low
The above CVSS base score has been assigned to CVE-2023-42771


CVSS V3 Severity:
Base Metrics: 6.8 (Medium)
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2023-39222


CVSS V3 Severity:
Base Metrics: 7.6 (High)
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: None
The above CVSS base score has been assigned to CVE-2023-39429


CVSS V3 Severity:
Base Metrics: 7.5 (High)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2023-41086


CVSS V3 Severity:
Base Metrics: 6.8 (Medium)
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base score has been assigned to CVE-2023-43627

Affected Products


FURUNO SYSTEMS Co.,Ltd.
  • ACERA 1010 firmware ver.01.86 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 1020 firmware ver.01.86 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 1110 firmware ver.01.76 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 1150i firmware ver.01.35 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 1150w firmware ver.01.35 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 1210 firmware ver.02.36 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 1310 firmware ver.01.26 and earlier - CVE-2023-39222, CVE-2023-42771, CVE-2023-43627
  • ACERA 1320 firmware ver.01.26 and earlier - CVE-2023-39222, CVE-2023-42771, CVE-2023-43627
  • ACERA 800ST firmware ver.07.35 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 810 firmware ver.03.74 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 850F firmware ver.01.60 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 850M firmware ver.02.06 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 900 firmware ver.02.54 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086
  • ACERA 950 firmware ver.01.60 and earlier - CVE-2023-39222, CVE-2023-39429, CVE-2023-41086

Impact

* An authenticated user may execute arbitrary OS commands that the web interface is not intended to expose by sending a specially crafted request - CVE-2023-39222
* If an authenticated user saves a crafted configuration, an arbitrary script may be executed in the web browser of a logged-in user - CVE-2023-39429
* If a logged-in user views a malicious page, unintended operations may be performed on the device - CVE-2023-41086
* A network-adjacent attacker who can reach the affected product may, without authentication, download configuration files and/or log files and upload configuration files and/or firmware - CVE-2023-42771
* An authenticated user may alter critical information such as system files by sending a specially crafted request - CVE-2023-43627
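As an added illustration (not FURUNO SYSTEMS' code and not a description of how the ACERA firmware is built), the following hypothetical request handler for an embedded access-point web UI shows the defensive pattern that closes each of the five classes listed above. The routes (/ping, /download, /config, /status), the parameter and header names, the configuration directory and the sample payloads are all assumptions made for the example.

```python
"""Hypothetical hardened request handling for an embedded access-point web UI.

Added illustration, not FURUNO SYSTEMS code: routes, parameter names and
file layout are assumptions. One defensive pattern per class in the Impact list:
  CWE-288  one authentication gate in front of every route, file transfer included
  CWE-352  a per-session CSRF token required on every state-changing request
  CWE-78   OS commands built as argv lists from validated input, never shell strings
  CWE-22   file names resolved with realpath and confined to the config directory
  CWE-79   stored configuration values HTML-escaped when rendered
"""
import hmac
import html
import ipaddress
import os
import secrets
import subprocess
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    path: str
    method: str = "GET"
    session: Optional[str] = None            # value of the session cookie
    params: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def unsafe_ping_shell_string(host: str) -> str:
    """The injectable pattern (CWE-78), kept only for contrast: untrusted text
    spliced into a shell line, so "203.0.113.9; reboot" runs two commands."""
    return "ping -c 1 " + host


class Server:
    def __init__(self, config_dir: str, ping_argv=("ping", "-c", "1")):
        self.config_dir = os.path.realpath(config_dir)
        self.ping_argv = list(ping_argv)      # overridable so a test needs no real ping
        self.sessions = {}                    # session id -> CSRF token
        self.config = {}                      # stored configuration values

    def login(self) -> str:
        """Create a session; the CSRF token is bound to it, not to the device."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = secrets.token_urlsafe(32)
        return sid

    def csrf_token(self, sid: str) -> str:
        return self.sessions[sid]

    def handle(self, req: Request):
        # CWE-288: download, upload and diagnostics all sit behind this one
        # gate, so there is no unauthenticated alternate path to them.
        if req.session not in self.sessions:
            return 401, "login required"
        if req.method == "POST":
            # CWE-352: a page on another origin cannot read this token,
            # so a forged cross-site POST cannot supply it.
            given = req.headers.get("X-CSRF-Token", "")
            if not hmac.compare_digest(self.sessions[req.session], given):
                return 403, "missing or wrong CSRF token"
        routes = {"/ping": self.ping, "/download": self.download,
                  "/config": self.set_config, "/status": self.status}
        handler = routes.get(req.path)
        return handler(req) if handler else (404, "no such page")

    def ping(self, req: Request):
        host = req.params.get("host", "")
        try:
            ipaddress.ip_address(host)        # CWE-78: accept only an IP literal
        except ValueError:
            return 400, "host must be an IP address"
        # argv list and no shell: the value is one argument whatever it contains
        out = subprocess.run(self.ping_argv + [host], capture_output=True,
                             text=True, timeout=10)
        return 200, out.stdout

    def download(self, req: Request):
        name = req.params.get("file", "")
        target = os.path.realpath(os.path.join(self.config_dir, name))
        # CWE-22: after ".." and symlink resolution the path must still lie
        # inside config_dir; commonpath also catches prefix tricks like "/cfg2".
        if os.path.commonpath([self.config_dir, target]) != self.config_dir:
            return 400, "invalid file name"
        if not os.path.isfile(target):
            return 404, "no such file"
        with open(target, "rb") as f:
            return 200, f.read()

    def set_config(self, req: Request):
        if req.method != "POST":
            return 405, "POST required"
        self.config.update(req.params)        # stored as data, never interpreted
        return 200, "saved"

    def status(self, req: Request):
        # CWE-79: escape at the HTML boundary, so a saved "<script>" is shown, not run
        rows = "".join(f"<tr><td>{html.escape(k)}</td><td>{html.escape(v)}</td></tr>"
                       for k, v in self.config.items())
        return 200, f"<table>{rows}</table>"
```

The authentication check sits in front of the router rather than inside individual handlers, which is what prevents the CWE-288 situation where a file-transfer endpoint is reachable without passing the check that the login page enforces. The command builder validates the input to a single type (an IP literal) and then hands it to the process as one argv element, so no shell ever parses it; the path check compares the fully resolved path, not the user-supplied string, which is what defeats encoded or symlinked traversal.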

Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

[Stop using the products]
According to the developer, some of the affected products are no longer supported (see the developer's "Maintenance period for ACERA" page).
Stop using the unsupported products.

The developer also provides information on workarounds for these issues.
Check the developer's information for details.

Vendor Information

FURUNO SYSTEMS Co.,Ltd.

CWE

  1. Path Traversal (CWE-22)
  2. Authentication Bypass Using an Alternate Path or Channel (CWE-288)
  3. Cross-Site Request Forgery (CWE-352)
  4. OS Command Injection (CWE-78)
  5. Cross-site Scripting (CWE-79)

CVE

  1. CVE-2023-39222
  2. CVE-2023-39429
  3. CVE-2023-41086
  4. CVE-2023-42771
  5. CVE-2023-43627

References

  1. JVN: JVNVU#94497038
  2. National Vulnerability Database (NVD): CVE-2023-39222
  3. National Vulnerability Database (NVD): CVE-2023-39429
  4. National Vulnerability Database (NVD): CVE-2023-41086
  5. National Vulnerability Database (NVD): CVE-2023-42771
  6. National Vulnerability Database (NVD): CVE-2023-43627

Revision History

  • [2023/10/03]
      Web page was published
  • [2024/05/22]
      References : Contents were added