4 vulnerabilities found for ld421-21w_firmware by furukawa
CVE-2021-37384 (GCVE-0-2021-37384)
Vulnerability from nvd – Published: 2023-07-17 00:00 – Updated: 2024-08-04 01:16
VLAI
Summary
A remote code execution (RCE) vulnerability was found in some Furukawa ONU models; it allows remote unauthenticated users to send arbitrary commands to the device via the web interface.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| furukawa | ld420-10r_firmware | Affected: 0, < 1.4.0 (custom); `cpe:2.3:o:furukawa:ld420-10r_firmware:-:*:*:*:*:*:*:*` | |
| furukawa | ld421-21w_firmware | Affected: 0, < 1.5.0 (custom); `cpe:2.3:o:furukawa:ld421-21w_firmware:-:*:*:*:*:*:*:*` | |
| furukawa | ld421-21wv_firmware | Affected: 0, < 1.5.0 (custom); `cpe:2.3:o:furukawa:ld421-21wv_firmware:-:*:*:*:*:*:*:*` | |
| furukawa | 423-41w\/ac_firmware | Affected: 0, < 1.2.0 (custom); `cpe:2.3:o:furukawa:423-41w\/ac_firmware:-:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:furukawa:ld420-10r_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ld420-10r_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furukawa:ld421-21w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ld421-21w_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furukawa:ld421-21wv_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ld421-21wv_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furukawa:423-41w\\/ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "423-41w\\/ac_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T16:21:43.983284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:34:26.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/Code_Injection"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T21:53:14.896Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"url": "https://owasp.org/www-community/attacks/Code_Injection"
},
{
"url": "https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt"
},
{
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37384",
"datePublished": "2023-07-17T00:00:00.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:16:03.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37386 (GCVE-0-2021-37386)
Vulnerability from nvd – Published: 2023-07-17 00:00 – Updated: 2024-10-29 13:44
VLAI
Summary
Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T16:33:22.513703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:44:51.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T22:11:10.815Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"
},
{
"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"
},
{
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37386",
"datePublished": "2023-07-17T00:00:00.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-10-29T13:44:51.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37384 (GCVE-0-2021-37384)
Vulnerability from cvelistv5 – Published: 2023-07-17 00:00 – Updated: 2024-08-04 01:16
VLAI
Summary
A remote code execution (RCE) vulnerability was found in some Furukawa ONU models; it allows remote unauthenticated users to send arbitrary commands to the device via the web interface.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| furukawa | ld420-10r_firmware | Affected: 0, < 1.4.0 (custom); `cpe:2.3:o:furukawa:ld420-10r_firmware:-:*:*:*:*:*:*:*` | |
| furukawa | ld421-21w_firmware | Affected: 0, < 1.5.0 (custom); `cpe:2.3:o:furukawa:ld421-21w_firmware:-:*:*:*:*:*:*:*` | |
| furukawa | ld421-21wv_firmware | Affected: 0, < 1.5.0 (custom); `cpe:2.3:o:furukawa:ld421-21wv_firmware:-:*:*:*:*:*:*:*` | |
| furukawa | 423-41w\/ac_firmware | Affected: 0, < 1.2.0 (custom); `cpe:2.3:o:furukawa:423-41w\/ac_firmware:-:*:*:*:*:*:*:*` | |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:furukawa:ld420-10r_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ld420-10r_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furukawa:ld421-21w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ld421-21w_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furukawa:ld421-21wv_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ld421-21wv_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:furukawa:423-41w\\/ac_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "423-41w\\/ac_firmware",
"vendor": "furukawa",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T16:21:43.983284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T17:34:26.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/Code_Injection"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T21:53:14.896Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"url": "https://owasp.org/www-community/attacks/Code_Injection"
},
{
"url": "https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt"
},
{
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37384",
"datePublished": "2023-07-17T00:00:00.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:16:03.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37386 (GCVE-0-2021-37386)
Vulnerability from cvelistv5 – Published: 2023-07-17 00:00 – Updated: 2024-10-29 13:44
VLAI
Summary
Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T16:33:22.513703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:44:51.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"
},
{
"tags": [
"x_transferred"
],
"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T22:11:10.815Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"
},
{
"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"
},
{
"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37386",
"datePublished": "2023-07-17T00:00:00.000Z",
"dateReserved": "2021-07-21T00:00:00.000Z",
"dateUpdated": "2024-10-29T13:44:51.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}