← Back

CVE-2021-37384

nvd nist
Published: Jul 17, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.

Affected (4)

Furukawa
4 products
423 41w/ac Firmware
Ld421 21w Firmware
Ld420 10r Firmware
Ld421 21wv Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
423 41w/ac Firmware
Before 1.2.0
Running on/withPlatform Versions
Furukawa
423 41w/ac
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ld421 21w Firmware
Before 1.5.0
Running on/withPlatform Versions
Furukawa
Ld421 21w
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ld420 10r Firmware
Before 1.4.0
Running on/withPlatform Versions
Furukawa
Ld420 10r
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ld421 21wv Firmware
Before 1.5.0
Running on/withPlatform Versions
Furukawa
Ld421 21wv
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Not Applicable
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.