CVE-2021-37384

RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cwe.mitre.org/data/definitions/94.html	Not Applicable
https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt	Third Party Advisory
https://owasp.org/www-community/attacks/Code_Injection	Not Applicable
https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:furukawa:423-41w\/ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:423-41w\/ac:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-17 21:15

Updated : 2024-05-16 22:15

NVD link : CVE-2021-37384

Mitre link : CVE-2021-37384

CVE.ORG link : CVE-2021-37384

JSON object : View

Products Affected

furukawa

ld421-21wv_firmware
ld420-10r
ld421-21w
423-41w\/ac_firmware
ld421-21wv
ld421-21w_firmware
ld420-10r_firmware
423-41w\/ac

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-37384", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-07-17T21:15:09.307", "references": [{"url": "https://cwe.mitre.org/data/definitions/94.html", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://owasp.org/www-community/attacks/Code_Injection", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface."}], "lastModified": "2024-05-16T22:15:08.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:423-41w\\/ac_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D96F6757-53C3-4330-B099-6FAB60225E9E", "versionEndExcluding": "1.2.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:423-41w\\/ac:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DFB812F0-EED1-4EE4-A86B-6F60CC6C0DFE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F24790A4-9406-4622-A6B1-0871307728F6", "versionEndExcluding": "1.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4C3407C3-5035-47D2-927A-FDFB4785014B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EC28BBB-AB0B-4A9D-8896-10A745C990FF", "versionEndExcluding": "1.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "525A4855-AB6B-4AAD-BC61-A0D4A855D725"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21E2D847-766F-4537-9B92-CA76CFDE0871", "versionEndExcluding": "1.5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32F65580-097F-45D3-AB80-9D633095F711"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}