CVE-2023-41086
📋 TL;DR
This CSRF vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows attackers to perform unauthorized operations when authenticated users visit malicious web pages. Affected users include administrators of ACERA series devices running specific firmware versions in standalone mode.
💻 Affected Systems
- ACERA 1210
- ACERA 1150i
- ACERA 1150w
- ACERA 1110
- ACERA 1020
- ACERA 1010
- ACERA 950
- ACERA 850F
- ACERA 900
- ACERA 850M
- ACERA 810
- ACERA 800ST
📦 What is this software?
- Acera 1010 Firmware by Furunosystems
- Acera 1020 Firmware by Furunosystems
- Acera 1110 Firmware by Furunosystems
- Acera 1150i Firmware by Furunosystems
- Acera 1150w Firmware by Furunosystems
- Acera 1210 Firmware by Furunosystems
- Acera 800st Firmware by Furunosystems
- Acera 810 Firmware by Furunosystems
- Acera 850f Firmware by Furunosystems
- Acera 850m Firmware by Furunosystems
- Acera 900 Firmware by Furunosystems
- Acera 950 Firmware by Furunosystems
⚠️ Risk & Real-World Impact
Worst Case
Complete device takeover allowing network configuration changes, credential theft, or device bricking through unauthorized administrative actions.
Likely Case
Unauthorized configuration changes to wireless settings, network redirection, or denial of service through device misconfiguration.
If Mitigated
Limited impact where the management interface is properly segmented and administrators are trained not to browse untrusted pages while logged in to the device.
🎯 Exploit Status
Exploitation requires user interaction: an administrator must visit a malicious page while authenticated to the device web interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific fixed versions per model
Vendor Advisory: https://www.furunosystems.co.jp/news/info/vulner20231002.html
Restart Required: Yes
Instructions:
1. Download the latest firmware from the FURUNO SYSTEMS support portal.
2. Back up the current configuration.
3. Upload the firmware via the web interface.
4. Apply the update and restart the device.
🔧 Temporary Workarounds
CSRF Token Implementation
Add anti-CSRF tokens to web interface forms
SameSite Cookie Attribute
Configure session cookies with the SameSite=Strict attribute
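The two workaround controls above, shown together as an added example of how a device web UI would enforce them (this is not FURUNO SYSTEMS code; the secret, session id, management address and request shapes are constructed for the demonstration). The session cookie is issued with SameSite=Strict so a browser does not attach it to requests started from a third-party page, and every state-changing request must carry a per-session anti-CSRF token and a same-origin Origin/Referer before it is honoured:

```python
"""Added example: anti-CSRF token check plus SameSite=Strict session cookie
for an embedded-device web UI. Not vendor code; all values are constructed."""
import hmac
import hashlib
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "DELETE"}

SECRET = b"constructed-demo-secret"   # constructed; a real device keeps this in protected storage
DEVICE = "https://192.0.2.1"          # constructed management address (TEST-NET-1)
SESSION = "demo-session-0001"         # constructed session id


def make_session_cookie(session_id: str) -> str:
    """Set-Cookie value with the attributes the workaround asks for."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["samesite"] = "Strict"   # browser withholds it on cross-site requests
    cookie["session"]["httponly"] = True       # not readable by page scripts
    cookie["session"]["secure"] = True         # only sent over HTTPS
    cookie["session"]["path"] = "/"
    return cookie.output(header="").strip()


def issue_csrf_token(secret: bytes, session_id: str) -> str:
    """Per-session anti-CSRF token: HMAC-SHA256 of the session id, embedded in every form."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str, device_origin: str) -> bool:
    """True when url has the device's scheme and host:port (empty/absent URL is not same-origin)."""
    a, b = urlsplit(url), urlsplit(device_origin)
    return bool(a.netloc) and (a.scheme, a.netloc) == (b.scheme, b.netloc)


def is_valid_state_change(request: dict, secret: bytes, device_origin: str) -> bool:
    """Accept a state-changing request only if the form token verifies for the
    session named in the cookie and the Origin (or Referer) is the device itself."""
    if request["method"] not in STATE_CHANGING:
        return True  # reads do not change configuration; not the CSRF concern here
    cookies = SimpleCookie(request["headers"].get("Cookie", ""))
    if "session" not in cookies:
        return False
    expected = issue_csrf_token(secret, cookies["session"].value)
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return False
    origin = request["headers"].get("Origin") or request["headers"].get("Referer", "")
    return same_origin(origin, device_origin)


def demo_requests():
    """Two constructed requests: a legitimate form post from the device's own page,
    and a cross-site post that carries the cookie but no token and a foreign Origin."""
    token = issue_csrf_token(SECRET, SESSION)
    cookie = "session=" + SESSION
    legitimate = {
        "method": "POST",
        "headers": {"Cookie": cookie, "Origin": DEVICE},
        "form": {"ssid": "office", "csrf_token": token},
    }
    cross_site = {
        "method": "POST",
        "headers": {"Cookie": cookie, "Origin": "https://third-party.example"},
        "form": {"ssid": "rogue"},
    }
    return legitimate, cross_site


if __name__ == "__main__":
    print(make_session_cookie(SESSION))
    legit, forged = demo_requests()
    print("legitimate accepted:", is_valid_state_change(legit, SECRET, DEVICE))
    print("cross-site accepted:", is_valid_state_change(forged, SECRET, DEVICE))
```

The token check is the primary control; the Origin/Referer comparison is defence in depth, since some clients omit those headers. SameSite=Strict on its own is not sufficient for a device whose UI may be reached over plain HTTP or from older browsers, which is why the example layers all three.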
🧯 If You Can't Patch
- Isolate management interface to separate VLAN with strict access controls
- Implement web application firewall with CSRF protection rules
🔍 How to Verify
Check if Vulnerable:
Check firmware version via device web interface and compare against affected versions list
Check Version:
Login to device web interface and navigate to System Information or Status page
Verify Fix Applied:
Confirm the running firmware version is a fixed release per the vendor advisory, and confirm that state-changing requests lacking a valid anti-CSRF token or arriving from a foreign origin are rejected
📡 Detection & Monitoring
Log Indicators:
- Unexpected configuration changes without corresponding admin login events
- Multiple failed login attempts followed by successful configuration changes
Network Indicators:
- HTTP requests to device management interface with Referer headers pointing to external domains
- Unusual configuration change patterns
SIEM Query:
source="access_point_logs" AND (event_type="config_change" AND NOT user="admin")
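The two detection ideas above, run over sample web-server log lines as an added example (not part of the original page or of any vendor tooling). The log lines, the management address, the login endpoint name and the `_config` path hint are all constructed for the demonstration; a real device's endpoint names and log format will differ. The first rule flags configuration changes whose Referer names a host other than the device; the second flags configuration changes from a client address with no successful login in the preceding window:

```python
"""Added example: detection of CSRF-style configuration changes in
constructed access-log lines. Not vendor code; all values are constructed."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

DEVICE_HOST = "192.0.2.1"     # constructed management address (TEST-NET-1)
LOGIN_PATH = "/login.cgi"     # constructed; the real endpoint is device-specific
CONFIG_PATH_HINT = "_config"  # constructed marker for state-changing endpoints
LOGIN_WINDOW = timedelta(minutes=60)

# Constructed sample log (combined format with Referer). Line 3 is a config
# change whose Referer is a third-party page; line 4 comes from a client that
# never logged in.
SAMPLE_LOG = """
192.0.2.50 - admin [02/Oct/2023:09:00:00 +0900] "POST /login.cgi HTTP/1.1" 200 512 "https://192.0.2.1/login.html" "Mozilla/5.0"
192.0.2.50 - admin [02/Oct/2023:09:01:10 +0900] "POST /cgi-bin/wlan_config HTTP/1.1" 200 128 "https://192.0.2.1/wlan.html" "Mozilla/5.0"
192.0.2.50 - admin [02/Oct/2023:09:42:30 +0900] "POST /cgi-bin/wlan_config HTTP/1.1" 200 128 "https://third-party.example/page.html" "Mozilla/5.0"
192.0.2.77 - - [02/Oct/2023:11:15:02 +0900] "POST /cgi-bin/system_config HTTP/1.1" 200 128 "-" "Mozilla/5.0"
""".strip().splitlines()

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["status"] = int(e["status"])
    return e


def is_config_change(e: dict) -> bool:
    return e["method"] == "POST" and CONFIG_PATH_HINT in e["path"]


def cross_origin_changes(events, device_host: str = DEVICE_HOST):
    """Config changes whose Referer names a host other than the device.
    A missing Referer ("-") is not counted: browsers and proxies strip it."""
    hits = []
    for e in events:
        if not is_config_change(e) or e["referer"] == "-":
            continue
        if urlsplit(e["referer"]).hostname != device_host:
            hits.append(e)
    return hits


def changes_without_login(events, window: timedelta = LOGIN_WINDOW):
    """Config changes from a client IP with no successful login within `window` before them."""
    last_login = {}  # ip -> timestamp of most recent successful login seen so far
    hits = []
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["method"] == "POST" and e["path"] == LOGIN_PATH and e["status"] == 200:
            last_login[e["ip"]] = e["ts"]
        elif is_config_change(e):
            seen = last_login.get(e["ip"])
            if seen is None or e["ts"] - seen > window:
                hits.append(e)
    return hits


def load_events(lines=SAMPLE_LOG):
    return [e for e in map(parse_line, lines) if e]


if __name__ == "__main__":
    evts = load_events()
    for e in cross_origin_changes(evts):
        print("cross-origin config change:", e["ip"], e["path"], "referer=" + e["referer"])
    for e in changes_without_login(evts):
        print("config change without login:", e["ip"], e["path"], e["ts"].isoformat())
```

Both rules produce candidates rather than verdicts: a legitimate administrator who clicked a bookmarked link will show an external Referer, and a login that fell outside the retained log window will look like a missing login. Tune the window and the endpoint patterns to the device's actual log before alerting on them.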