CVE-2021-37384

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-37384
RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cwe.mitre.org/data/definitions/94.html Not Applicable
https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt Third Party Advisory
https://owasp.org/www-community/attacks/Code_Injection Not Applicable
https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/
https://cwe.mitre.org/data/definitions/94.html Not Applicable
https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt Third Party Advisory
https://owasp.org/www-community/attacks/Code_Injection Not Applicable
https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:furukawa:423-41w\/ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:423-41w\/ac:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:15

Type Values Removed Values Added
References () https://cwe.mitre.org/data/definitions/94.html - Not Applicable () https://cwe.mitre.org/data/definitions/94.html - Not Applicable
References () https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt - Third Party Advisory () https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt - Third Party Advisory
References () https://owasp.org/www-community/attacks/Code_Injection - Not Applicable () https://owasp.org/www-community/attacks/Code_Injection - Not Applicable
References () https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/ - () https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/ -

01 Aug 2024, 13:42

Type Values Removed Values Added
CWE CWE-94

16 May 2024, 22:15

Type Values Removed Values Added
Summary (en) A remote command execution (RCE) vulnerability in the web interface component of Furukawa Electric LatAM 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors. (en) RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.

22 Aug 2023, 23:15

Type Values Removed Values Added
References
  • (MISC) https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/ -

01 Aug 2023, 02:15

Type Values Removed Values Added
Summary A remote command execution (RCE) vulnerability in the web interface component of Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors. A remote command execution (RCE) vulnerability in the web interface component of Furukawa Electric LatAM 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors.

28 Jul 2023, 13:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE NVD-CWE-noinfo
References (MISC) https://cwe.mitre.org/data/definitions/94.html - (MISC) https://cwe.mitre.org/data/definitions/94.html - Not Applicable
References (MISC) https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt - (MISC) https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt - Third Party Advisory
References (MISC) https://owasp.org/www-community/attacks/Code_Injection - (MISC) https://owasp.org/www-community/attacks/Code_Injection - Not Applicable
CPE cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:*
cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:423-41w\/ac:-:*:*:*:*:*:*:*
cpe:2.3:o:furukawa:423-41w\/ac_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:*
cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:*

17 Jul 2023, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-17 21:15

Updated : 2024-11-21 06:15

NVD link : CVE-2021-37384

Mitre link : CVE-2021-37384

CVE.ORG link : CVE-2021-37384

JSON object : View

Products Affected

furukawa

  • ld421-21w_firmware
  • ld421-21wv
  • 423-41w\/ac
  • ld421-21w
  • ld421-21wv_firmware
  • 423-41w\/ac_firmware
  • ld420-10r
  • ld420-10r_firmware
CWE
NVD-CWE-noinfo CWE-94

Improper Control of Generation of Code ('Code Injection')