CVE-2022-43470
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
05/12/2022
Last modified:
24/04/2025
Description
Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +F FS040W software versions v1.4.1 and earlier allows an adjacent attacker to hijack the authentication of an administrator and user's unintended operations such as to reboot the product and/or reset the configuration to the initial set-up may be performed.
Impact
Base Score 3.x
7.30
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:fsi:fs040u_firmware:*:*:*:*:*:*:*:* | 2.3.4 (including) | |
| cpe:2.3:h:fsi:fs040u:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fsi:fs020w_firmware:*:*:*:*:*:*:*:* | 4.0.0 (including) | |
| cpe:2.3:h:fsi:fs020w:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fsi:fs030w_firmware:*:*:*:*:*:*:*:* | 3.3.5 (including) | |
| cpe:2.3:h:fsi:fs030w:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fsi:fs040w_firmware:*:*:*:*:*:*:*:* | 1.4.1 (including) | |
| cpe:2.3:h:fsi:fs040w:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jvn.jp/en/jp/JVN74285622/index.html
- https://www.fsi.co.jp/mobile/plusF/news/22102801.html
- https://www.fsi.co.jp/mobile/plusF/news/22102802.html
- https://www.fsi.co.jp/mobile/plusF/news/22102803.html
- https://www.fsi.co.jp/mobile/plusF/news/22102804.html
- https://jvn.jp/en/jp/JVN74285622/index.html
- https://www.fsi.co.jp/mobile/plusF/news/22102801.html
- https://www.fsi.co.jp/mobile/plusF/news/22102802.html
- https://www.fsi.co.jp/mobile/plusF/news/22102803.html
- https://www.fsi.co.jp/mobile/plusF/news/22102804.html