Vulnerability identifier: #VU81412
Vulnerability risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-352
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
ACERA 1210
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1150i
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1150w
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1110
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1020
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 1010
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 950
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 850F
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 900
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 850M
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 810
Hardware solutions /
Routers & switches, VoIP, GSM, etc
ACERA 800ST
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: FURUNO SYSTEMS
Description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
ACERA 1210: 02.36
ACERA 1150i: 01.35
ACERA 1150w: 01.35
ACERA 1110: 01.76
ACERA 1020: 01.86
ACERA 1010: 01.86
ACERA 950: 01.60
ACERA 850F: 01.60
ACERA 900: 02.54
ACERA 850M: 02.06
ACERA 810: 03.74
ACERA 800ST: 07.35
External links
http://www.furunosystems.co.jp/news/info/vulner20231002.html
http://jvn.jp/en/vu/JVNVU94497038/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.