JVN#83834277
Multiple vulnerabilities in FS010W

Overview

FS010W provided by FUJI SOFT INCORPORATED contains multiple vulnerabilities.

Products Affected

• FS010W firmware FS010W_00_V1.3.0 and earlier

Description

FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below.

• Stored cross-site scripting (CWE-79) - CVE-2018-0519

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	Base Score: 4.3
  CVSS v2	AV:A/AC:L/Au:S/C:N/I:P/A:N	Base Score: 2.7

• Cross-site request forgery (CWE-352) - CVE-2018-0520

  CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N	Base Score: 7.1
  CVSS v2	AV:N/AC:H/Au:N/C:P/I:P/A:N	Base Score: 4.0

Impact

The possible impact of each vulnerability is as follows:

• An arbitrary script may be executed on the web browser of a user who is logging in the setting tool of the device - CVE-2018-0519
• If a user views a malicious page while logged in the setting tool of the affected product, unintended operations such as changing settings of the device may be conducted. - CVE-2018-0520

Solution

Apply Workarounds
Applying all workarounds listed below may mitigate the impacts of these vulnerabilities.

• Change the initial login password set in the setting tool
• Do not access other websites while logged into the setting tool
• Close the web browser after completing settings of the device using the setting tool