CVE-2022-43470 — HIGH (7.3)

Q: How severe is CVE-2022-43470?

CVE-2022-43470 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-43470?

Check the references section above for vendor advisories and patch information. Affected products include: Fsi Fs040U Firmware, Fsi Fs040U, Fsi Fs020W Firmware, Fsi Fs020W, Fsi Fs030W Firmware.

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fsi	Fs040U Firmware	<= 2.3.4
Fsi	Fs040U	-
Fsi	Fs020W Firmware	<= 4.0.0
Fsi	Fs020W	-
Fsi	Fs030W Firmware	<= 3.3.5
Fsi	Fs030W	-
Fsi	Fs040W Firmware	<= 1.4.1
Fsi	Fs040W	-

Related Weaknesses (CWE)

CWE-352

References

https://jvn.jp/en/jp/JVN74285622/index.htmlThird Party Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102801.htmlVendor Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102802.htmlVendor Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102803.htmlVendor Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102804.htmlVendor Advisory
https://jvn.jp/en/jp/JVN74285622/index.htmlThird Party Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102801.htmlVendor Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102802.htmlVendor Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102803.htmlVendor Advisory
https://www.fsi.co.jp/mobile/plusF/news/22102804.htmlVendor Advisory

FAQ

What is CVE-2022-43470?

CVE-2022-43470 is a vulnerability with a CVSS score of 7.3 (HIGH). Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +...

How severe is CVE-2022-43470?

CVE-2022-43470 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-43470?

Check the references section above for vendor advisories and patch information. Affected products include: Fsi Fs040U Firmware, Fsi Fs040U, Fsi Fs020W Firmware, Fsi Fs020W, Fsi Fs030W Firmware.