CVE-2021-37386 - Vulnerability Details - OpenCVE

Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00065.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Furukawa	423-41w\/ac 423-41w\/ac Firmware Ld420-10r Ld420-10r Firmware Ld421-21w Ld421-21w Firmware Ld421-21wv Ld421-21wv Firmware

Configuration 1 [-]

AND

cpe:2.3:o:furukawa:423-41w\/ac_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:423-41w\/ac:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cwe.mitre.org/data/definitions/79.html
https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/

History

Tue, 29 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-17T00:00:00

Updated: 2024-10-29T13:44:51.812Z

Reserved: 2021-07-21T00:00:00

Link: CVE-2021-37386

Vulnrichment

Updated: 2024-08-04T01:16:03.986Z

NVD

Status : Modified

Published: 2023-07-17T17:15:09.377

Modified: 2024-11-21T06:15:03.530

Link: CVE-2021-37386

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-37386", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-29T13:44:51.812Z", "dateReserved": "2021-07-21T00:00:00", "datePublished": "2023-07-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-22T22:11:10.815986"}, "descriptions": [{"lang": "en", "value": "Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html"}, {"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"}, {"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"}, {"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-18T16:33:22.513703Z", "id": "CVE-2021-37386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T13:44:51.812Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:16:03.986Z"}, "title": "CVE Program Container", "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html", "tags": ["x_transferred"]}, {"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection", "tags": ["x_transferred"]}, {"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt", "tags": ["x_transferred"]}, {"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html", "tags": ["x_transferred"]}, {"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection", "tags": ["x_transferred"]}, {"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt", "tags": ["x_transferred"]}, {"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:16:03.986Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-37386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-18T16:33:22.513703Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-18T16:32:06.561Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html"}, {"url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"}, {"url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"}, {"url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"}], "descriptions": [{"lang": "en", "value": "Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-22T22:11:10.815986"}}}, "cveMetadata": {"cveId": "CVE-2021-37386", "state": "PUBLISHED", "dateUpdated": "2024-10-29T13:44:51.812Z", "dateReserved": "2021-07-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-17T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:423-41w\\/ac_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D96F6757-53C3-4330-B099-6FAB60225E9E", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:423-41w\\/ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFB812F0-EED1-4EE4-A86B-6F60CC6C0DFE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:ld421-21w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F24790A4-9406-4622-A6B1-0871307728F6", "versionEndExcluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:ld421-21w:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C3407C3-5035-47D2-927A-FDFB4785014B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:ld420-10r_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EC28BBB-AB0B-4A9D-8896-10A745C990FF", "versionEndExcluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:ld420-10r:-:*:*:*:*:*:*:*", "matchCriteriaId": "525A4855-AB6B-4AAD-BC61-A0D4A855D725", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:furukawa:ld421-21wv_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21E2D847-766F-4537-9B92-CA76CFDE0871", "versionEndExcluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:furukawa:ld421-21wv:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F65580-097F-45D3-AB80-9D633095F711", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function."}], "id": "CVE-2021-37386", "lastModified": "2024-11-21T06:15:03.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 5.3, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 5.3, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-07-17T17:15:09.377", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://cwe.mitre.org/data/definitions/79.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"}, {"source": "cve@mitre.org", "url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://cwe.mitre.org/data/definitions/79.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}