Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://cwe.mitre.org/data/definitions/79.html - Not Applicable | |
References | () https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt - Third Party Advisory | |
References | () https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection - Not Applicable | |
References | () https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/ - |
22 Aug 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Aug 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. |
26 Jul 2023, 21:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:* cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:* cpe:2.3:h:furukawa:423-41w\/ac:-:*:*:*:*:*:*:* cpe:2.3:o:furukawa:423-41w\/ac_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:* cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-79 | |
References | (MISC) https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection - Not Applicable | |
References | (MISC) https://cwe.mitre.org/data/definitions/79.html - Not Applicable | |
References | (MISC) https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt - Third Party Advisory |
20 Jul 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. |
20 Jul 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | HTML Injection vulnerability was found in some ONU models allows remote high privileged authenticated user to send arbitrary HTML tags via web interface, this vulnerability can cause deny of service after device is rebooted if an invalid serial number addressed. |
17 Jul 2023, 17:31
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-17 17:15
Updated : 2024-11-21 06:15
NVD link : CVE-2021-37386
Mitre link : CVE-2021-37386
CVE.ORG link : CVE-2021-37386
JSON object : View
Products Affected
furukawa
- ld421-21w_firmware
- ld421-21wv
- 423-41w\/ac
- ld421-21w
- ld421-21wv_firmware
- 423-41w\/ac_firmware
- ld420-10r
- ld420-10r_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')