Vulnerability identifier: #VU81409
Vulnerability risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
ACERA 1210
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1150i
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1150w
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1110
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1020
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1010
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 950
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 850F
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 900
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 850M
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 810
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 800ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1320
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1310
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: FURUNO SYSTEMS
Description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote administrator on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
ACERA 1210: 02.36
ACERA 1150i: 01.35
ACERA 1150w: 01.35
ACERA 1110: 01.76
ACERA 1020: 01.86
ACERA 1010: 01.86
ACERA 950: 01.60
ACERA 850F: 01.60
ACERA 900: 02.54
ACERA 850M: 02.06
ACERA 810: 03.74
ACERA 800ST: 07.35
ACERA 1320: 01.26
ACERA 1310: 01.26
External links
http://www.furunosystems.co.jp/news/info/vulner20231002.html
http://jvn.jp/en/vu/JVNVU94497038/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.