Описание
A remote command execution (RCE) vulnerability in the web interface component of Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors.
A remote command execution (RCE) vulnerability in the web interface component of Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-37384
- https://cwe.mitre.org/data/definitions/94.html
- https://gist.githubusercontent.com/LuigiPolidorio/9fe61cf2edee63152161ffc52c39f6cd/raw/529cf49103e0fdf4eeb970fa1f62fa508ebe7c3c/reference.txt
- https://owasp.org/www-community/attacks/Code_Injection
- https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa
Связанные уязвимости
CVSS3: 9.8
nvd
больше 2 лет назад
RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.