Vulnerability Details : CVE-2023-41086
Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2023-41086
- cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-41086
- 0.06%: Probability of exploitation activity in the next 30 days
- ~27%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-41086
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2023-41086
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-41086
- https://www.furunosystems.co.jp/news/info/vulner20231002.html
  [Important] Multiple vulnerabilities in wireless LAN access points in "ST mode" and how to address them | FURUNO SYSTEMS, business Wi-Fi (wireless LAN) (Vendor Advisory)
- https://jvn.jp/en/vu/JVNVU94497038/
  JVNVU#94497038: Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST(Standalone) mode (Third Party Advisory)