Vulnerability Description
RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Furukawa | 423-41W\/Ac Firmware | < 1.2.0 |
| Furukawa | 423-41W\/Ac | - |
| Furukawa | Ld421-21W Firmware | < 1.5.0 |
| Furukawa | Ld421-21W | - |
| Furukawa | Ld420-10R Firmware | < 1.4.0 |
| Furukawa | Ld420-10R | - |
| Furukawa | Ld421-21Wv Firmware | < 1.5.0 |
| Furukawa | Ld421-21Wv | - |
Related Weaknesses (CWE)
References
- https://cwe.mitre.org/data/definitions/94.htmlNot Applicable
- https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6Third Party Advisory
- https://owasp.org/www-community/attacks/Code_InjectionNot Applicable
- https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/
- https://cwe.mitre.org/data/definitions/94.htmlNot Applicable
- https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6Third Party Advisory
- https://owasp.org/www-community/attacks/Code_InjectionNot Applicable
- https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/
FAQ
What is CVE-2021-37384?
CVE-2021-37384 is a vulnerability with a CVSS score of 9.8 (CRITICAL). RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.
How severe is CVE-2021-37384?
CVE-2021-37384 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37384?
Check the references section above for vendor advisories and patch information. Affected products include: Furukawa 423-41W\/Ac Firmware, Furukawa 423-41W\/Ac, Furukawa Ld421-21W Firmware, Furukawa Ld421-21W, Furukawa Ld420-10R Firmware.