Vulnerability Details : CVE-2023-39222
OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows:
- ACERA 1320 firmware ver.01.26 and earlier
- ACERA 1310 firmware ver.01.26 and earlier
- ACERA 1210 firmware ver.02.36 and earlier
- ACERA 1150i firmware ver.01.35 and earlier
- ACERA 1150w firmware ver.01.35 and earlier
- ACERA 1110 firmware ver.01.76 and earlier
- ACERA 1020 firmware ver.01.86 and earlier
- ACERA 1010 firmware ver.01.86 and earlier
- ACERA 950 firmware ver.01.60 and earlier
- ACERA 850F firmware ver.01.60 and earlier
- ACERA 900 firmware ver.02.54 and earlier
- ACERA 850M firmware ver.02.06 and earlier
- ACERA 810 firmware ver.03.74 and earlier
- ACERA 800ST firmware ver.07.35 and earlier

They are affected when running in ST (Standalone) mode.
Products affected by CVE-2023-39222
- cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39222
- 0.12%: probability of exploitation activity in the next 30 days
- ~ 47%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39222
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-39222
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-39222
- https://www.furunosystems.co.jp/news/info/vulner20231002.html
  [Important] Multiple vulnerabilities in wireless LAN access points in "ST mode" and how to address them | FURUNO SYSTEMS, business Wi-Fi (wireless LAN) (Vendor Advisory)
- https://jvn.jp/en/vu/JVNVU94497038/
  JVNVU#94497038: Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode (Third Party Advisory)