CVE-2023-39222

high-risk
Published 2023-10-03

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST (Standalone) mode.

Do I need to act?

- EPSS score: 0.80% chance of exploitation (low exploit probability)
- CISA KEV: not listed; no confirmed active exploitation reported to CISA
- Patch status: unknown; check vendor advisories for fix availability and mitigation guidance
- CVSS: 8.8/10 High (attack vector NETWORK, attack complexity LOW)

Affected Products (14)

Acera 1310 Firmware
Acera 1320 Firmware
Acera 1210 Firmware
Acera 1150i Firmware
Acera 1150w Firmware
Acera 1110 Firmware
Acera 1020 Firmware
Acera 1010 Firmware
Acera 950 Firmware
Acera 850F Firmware
Acera 900 Firmware
Acera 850M Firmware
Acera 810 Firmware
Acera 800ST Firmware

Affected Vendors

FURUNO SYSTEMS

Risk score: 51/100 (high-risk)

- Severity 30/34 · Critical
- Exploitability 3/34 · Minimal
- Exposure 18/34 · Moderate