Published: 2023/10/02  Last Updated: 2023/10/02

JVNVU#94497038
Multiple vulnerabilities in multiple FURUNO SYSTEMS wireless LAN access point devices in ST (Standalone) mode

Overview

Multiple wireless LAN access point devices provided by FURUNO SYSTEMS Co., Ltd. contain multiple vulnerabilities.
They are affected when running in ST (Standalone) mode.

Products Affected

CVE-2023-39222, CVE-2023-39429, CVE-2023-41086

  • ACERA 1210 firmware ver.02.36 and earlier
  • ACERA 1150i firmware ver.01.35 and earlier
  • ACERA 1150w firmware ver.01.35 and earlier
  • ACERA 1110 firmware ver.01.76 and earlier
  • ACERA 1020 firmware ver.01.86 and earlier
  • ACERA 1010 firmware ver.01.86 and earlier
  • ACERA 950 firmware ver.01.60 and earlier
  • ACERA 850F firmware ver.01.60 and earlier
  • ACERA 900 firmware ver.02.54 and earlier
  • ACERA 850M firmware ver.02.06 and earlier
  • ACERA 810 firmware ver.03.74 and earlier
  • ACERA 800ST firmware ver.07.35 and earlier

CVE-2023-39222, CVE-2023-42771, CVE-2023-43627
  • ACERA 1320 firmware ver.01.26 and earlier
  • ACERA 1310 firmware ver.01.26 and earlier
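The two product lists above are what an asset owner needs to decide whether a given access point is in scope. The following triage script is an added example, not code from JVN or FURUNO SYSTEMS: it encodes the model/version ceilings exactly as listed, compares firmware strings as (major, minor) integer pairs (an assumption about the vendor's "ver.MM.mm" scheme), and treats only devices reported as running in ST (Standalone) mode as affected. The sample inventory at the bottom is constructed; the "OTHER" mode value and the "UNLISTED-MODEL" name are placeholders, not vendor identifiers.

```python
"""Affected-firmware check for the ACERA models in this advisory (added example; not vendor code).

Given an inventory of (model, firmware version, operating mode), it reports which
of the advisory's CVE ids apply. Version strings are compared as (major, minor)
integer pairs, which is an assumption about the "ver.MM.mm" numbering scheme.
"""
import re

GROUP_A = ("CVE-2023-39222", "CVE-2023-39429", "CVE-2023-41086")
GROUP_B = ("CVE-2023-39222", "CVE-2023-42771", "CVE-2023-43627")

# Highest affected firmware version per model, as listed under Products Affected.
AFFECTED = {
    "ACERA 1210": ("02.36", GROUP_A),
    "ACERA 1150i": ("01.35", GROUP_A),
    "ACERA 1150w": ("01.35", GROUP_A),
    "ACERA 1110": ("01.76", GROUP_A),
    "ACERA 1020": ("01.86", GROUP_A),
    "ACERA 1010": ("01.86", GROUP_A),
    "ACERA 950": ("01.60", GROUP_A),
    "ACERA 850F": ("01.60", GROUP_A),
    "ACERA 900": ("02.54", GROUP_A),
    "ACERA 850M": ("02.06", GROUP_A),
    "ACERA 810": ("03.74", GROUP_A),
    "ACERA 800ST": ("07.35", GROUP_A),
    "ACERA 1320": ("01.26", GROUP_B),
    "ACERA 1310": ("01.26", GROUP_B),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def parse_version(text):
    """'ver.02.36' or '02.36' -> (2, 36); raises if no MM.mm pair is present."""
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def applicable_cves(model, firmware, mode="ST"):
    """Return the CVE ids from this advisory that apply to one device, or ().

    Only devices running in ST (Standalone) mode are in scope; the mode value is
    assumed to come from the operator's own inventory.
    """
    if mode.upper() != "ST":
        return ()
    entry = AFFECTED.get(model.strip())
    if entry is None:
        return ()
    ceiling, cves = entry
    return cves if parse_version(firmware) <= parse_version(ceiling) else ()


def triage(inventory):
    """Map each (model, firmware, mode) row to its applicable CVE ids; affected rows first."""
    rows = [(model, fw, mode, applicable_cves(model, fw, mode)) for model, fw, mode in inventory]
    return sorted(rows, key=lambda r: (not r[3], r[0]))


# Constructed sample inventory; versions, the "OTHER" mode and the unlisted model are placeholders.
SAMPLE_INVENTORY = [
    ("ACERA 1210", "ver.02.36", "ST"),      # exactly at the ceiling -> affected
    ("ACERA 1210", "ver.02.40", "ST"),      # above the ceiling -> not in the affected list
    ("ACERA 1320", "ver.01.26", "ST"),      # second product group
    ("ACERA 1320", "ver.01.26", "OTHER"),   # not in ST mode -> out of scope for this advisory
    ("UNLISTED-MODEL", "ver.01.00", "ST"),  # model not in the advisory
]

if __name__ == "__main__":
    for model, fw, mode, cves in triage(SAMPLE_INVENTORY):
        print(f"{model:15} {fw:10} {mode:6} -> {', '.join(cves) if cves else 'not affected'}")
```

Run it against an export of the real inventory; anything that comes back with CVE ids either needs the vendor's fixed firmware or, for models past their maintenance period, decommissioning as the Solution section advises.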

Description

Wireless LAN access point devices provided by FURUNO SYSTEMS Co., Ltd., running in ST (Standalone) mode, contain the multiple vulnerabilities listed below.

  • OS Command Injection (CWE-78) - CVE-2023-39222
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
  • Cross-site Scripting (CWE-79) - CVE-2023-39429
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N Base Score: 7.6
  • Cross-Site Request Forgery (CWE-352) - CVE-2023-41086
    CVSS v3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.5
  • Authentication Bypass (CWE-288) - CVE-2023-42771
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L Base Score: 8.3
  • Path traversal (CWE-22) - CVE-2023-43627
    CVSS v3 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8

Impact

  • An authenticated user may execute an arbitrary OS command that is not intended to be executable from the web interface, by sending a specially crafted request - CVE-2023-39222
  • When an authenticated user has set a crafted configuration, an arbitrary script may be executed in a logged-in user's web browser - CVE-2023-39429
  • If a user views a malicious page while logged in, unintended operations may be performed - CVE-2023-41086
  • A network-adjacent attacker who can access the affected product may download configuration files and/or log files, and upload configuration files and/or firmware - CVE-2023-42771
  • An authenticated user may alter critical information such as system files by sending a specially crafted request - CVE-2023-43627

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.

Stop using the products
According to the developer, some affected products are no longer supported. (See Maintenance period for ACERA).
Stop using the unsupported products.

The developer provides additional information on workarounds for these issues.
Check the information from the developer for details.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Katsuhiko Sato (a.k.a. goroh_kun) of 00One, Inc. reported the OS Command Injection vulnerability (CVE-2023-39222) to JPCERT/CC.
JPCERT/CC coordinated with the developer.

As a result of the developer's investigation into this report, other vulnerabilities were newly discovered and addressed.
The developer reported these vulnerabilities to notify users of the solution through JVN. JPCERT/CC coordinated with the developer for the publication.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE: CVE-2023-39222, CVE-2023-39429, CVE-2023-41086, CVE-2023-42771, CVE-2023-43627
JVN iPedia

Update History

2023/10/02
Information under the section "Products Affected" was updated.