{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
  "dc:date": "2024-04-02T18:03+09:00",
  "dcterms:issued": "2024-04-02T18:03+09:00",
  "dcterms:modified": "2024-04-02T18:03+09:00",
  "description": "In the initial configuration of Managed Switch ACERA 9010 provided by FURUNO Systems Co., Ltd., the password is empty (CWE-258) and the remote access service is enabled.\r\n\r\nThe products are affected only when running in non MS mode with the initial configuration.\r\n\r\nFURUNO SYSTEMS Co.,Ltd. reported this vulnerability to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003051.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-08",
      "@product": "ACERA 9010-08",
      "@vendor": "FURUNO SYSTEMS Co.,Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:furunosystems:furuno_systems_acera_9010-24",
      "@product": "ACERA 9010-24",
      "@vendor": "FURUNO SYSTEMS Co.,Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003051",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU99285099/index.html",
      "@id": "JVNVU#99285099",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28744",
      "@id": "CVE-2024-28744",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/258.html",
      "@id": "CWE-258",
      "@title": "Empty Password in Configuration File(CWE-258)"
    }
  ],
  "title": "FURUNO SYSTEMS Managed Switch ACERA 9010 running in non MS mode with the initial configuration has no password"
}