Vulnerabilities > CVE-2021-37384 - Unspecified vulnerability in Furukawa products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

furukawa

critical

NVD

Published: 2023-07-17

Updated: 2024-05-16

Summary

RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.

Vulnerable Configurations

Part	Description	Count
OS	Furukawa Furukawa 423 41W/Ac Firmware - Furukawa Ld421 21W Firmware - Furukawa Ld420 10R Firmware - Furukawa Ld421 21Wv Firmware -	4
Hardware	Furukawa Furukawa 423 41W/Ac - Furukawa Ld421 21W - Furukawa Ld420 10R - Furukawa Ld421 21Wv -	4

References

https://cwe.mitre.org/data/definitions/94.html
https://owasp.org/www-community/attacks/Code_Injection
https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt
https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/