PT-2023-12317 · Furukawa · Furukawa 423-41W/Ac+2
Published
2023-07-17
·
Updated
2024-08-01
·
CVE-2021-37384
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Furukawa ONU models (affected versions not specified)
Furukawa 423-41W/AC versions prior to 1.1.4
Furukawa LD421-21W versions prior to 1.3.3
Description
A Remote Code Execution (RCE) vulnerability was found, allowing remote unauthenticated users to send arbitrary commands to the device via the web interface. This issue affects the web interface component and enables unauthenticated attackers to execute commands on the device.
Recommendations
For Furukawa 423-41W/AC versions prior to 1.1.4, update to version 1.1.4 or later.
For Furukawa LD421-21W versions prior to 1.3.3, update to version 1.3.3 or later.
As a temporary workaround, consider restricting access to the web interface until a patch is applied.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Furukawa 423-41W/Ac
Furukawa Ld421-21W
Furukawa Onu