CVE-2023-39222

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-39222
OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU94497038/ Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html Vendor Advisory
https://jvn.jp/en/vu/JVNVU94497038/ Third Party Advisory
https://www.furunosystems.co.jp/news/info/vulner20231002.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:14

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory () https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory
References () https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory () https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory

04 Oct 2023, 17:09

Type Values Removed Values Added
References (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - (MISC) https://www.furunosystems.co.jp/news/info/vulner20231002.html - Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - (MISC) https://jvn.jp/en/vu/JVNVU94497038/ - Third Party Advisory
First Time Furunosystems acera 810
Furunosystems acera 850m
Furunosystems acera 800st Firmware
Furunosystems acera 950 Firmware
Furunosystems acera 1210 Firmware
Furunosystems acera 1150i
Furunosystems acera 1010
Furunosystems acera 810 Firmware
Furunosystems acera 850m Firmware
Furunosystems acera 1150w
Furunosystems acera 850f Firmware
Furunosystems acera 1320
Furunosystems acera 1150i Firmware
Furunosystems acera 1110
Furunosystems acera 1010 Firmware
Furunosystems acera 1110 Firmware
Furunosystems acera 1150w Firmware
Furunosystems acera 1310 Firmware
Furunosystems acera 900
Furunosystems acera 1020
Furunosystems acera 900 Firmware
Furunosystems acera 1020 Firmware
Furunosystems acera 1210
Furunosystems
Furunosystems acera 800st
Furunosystems acera 850f
Furunosystems acera 1320 Firmware
Furunosystems acera 950
Furunosystems acera 1310
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CPE cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*
cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*
CWE CWE-78

03 Oct 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-03 01:15

Updated : 2024-11-21 08:14

NVD link : CVE-2023-39222

Mitre link : CVE-2023-39222

CVE.ORG link : CVE-2023-39222

JSON object : View

Products Affected

furunosystems

  • acera_850m_firmware
  • acera_1320_firmware
  • acera_1210
  • acera_900
  • acera_1310
  • acera_1150i
  • acera_1150i_firmware
  • acera_810_firmware
  • acera_1110
  • acera_1310_firmware
  • acera_850f_firmware
  • acera_1150w
  • acera_950_firmware
  • acera_1150w_firmware
  • acera_800st
  • acera_850f
  • acera_1110_firmware
  • acera_950
  • acera_1010_firmware
  • acera_800st_firmware
  • acera_1010
  • acera_1320
  • acera_1020
  • acera_810
  • acera_900_firmware
  • acera_1210_firmware
  • acera_850m
  • acera_1020_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')