CVE-2021-37386

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.

*Credits: N/A

CVSS Scores

NISTv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2021-07-21 CVE Reserved
2023-07-17 CVE Published
2024-08-05 EPSS Updated
2024-10-29 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
https://cwe.mitre.org/data/definitions/79.html	Not Applicable
https://gist.githubusercontent.com/LuigiPolidorio/ec78daac7c3d97966f2e3703ca5d1685/raw/d64a487407d6f9685d3907206954a6c84c6fa621/reference.txt	Third Party Advisory
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection	Not Applicable
https://www.softwall.com.br/cves/publicacao-rce-html-injection-furukawa

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Furukawa Search vendor "Furukawa"	423-41w\/ac Firmware Search vendor "Furukawa" for product "423-41w\/ac Firmware"	< 1.2.0 Search vendor "Furukawa" for product "423-41w\/ac Firmware" and version " < 1.2.0"	-	Affected	in	Furukawa Search vendor "Furukawa"	423-41w\/ac Search vendor "Furukawa" for product "423-41w\/ac"	-	-	Safe
Furukawa Search vendor "Furukawa"	Ld421-21w Firmware Search vendor "Furukawa" for product "Ld421-21w Firmware"	< 1.5.0 Search vendor "Furukawa" for product "Ld421-21w Firmware" and version " < 1.5.0"	-	Affected	in	Furukawa Search vendor "Furukawa"	Ld421-21w Search vendor "Furukawa" for product "Ld421-21w"	-	-	Safe
Furukawa Search vendor "Furukawa"	Ld420-10r Firmware Search vendor "Furukawa" for product "Ld420-10r Firmware"	< 1.4.0 Search vendor "Furukawa" for product "Ld420-10r Firmware" and version " < 1.4.0"	-	Affected	in	Furukawa Search vendor "Furukawa"	Ld420-10r Search vendor "Furukawa" for product "Ld420-10r"	-	-	Safe
Furukawa Search vendor "Furukawa"	Ld421-21wv Firmware Search vendor "Furukawa" for product "Ld421-21wv Firmware"	< 1.5.0 Search vendor "Furukawa" for product "Ld421-21wv Firmware" and version " < 1.5.0"	-	Affected	in	Furukawa Search vendor "Furukawa"	Ld421-21wv Search vendor "Furukawa" for product "Ld421-21wv"	-	-	Safe