Description RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. Attack Vector To exploit vulnerability, its necessary send an unauthenticated web request to ping function with a RCE payload on parameter “interface”. Affected product(s)/code base 423-41W/AC LD421-21W LD420-10R LD421-21WV Product name ONU 423-41W/AC, ONU LD421-21W, ONU LD420-10R, ONU LD421-21WV Product Version - Fixed in version V1.2.0 on model 423-41W/AC. - Fixed in version V1.5.0 on model LD421-21W. - Fixed in version V1.4.0 on model LD420-10R. - Fixed in version V1.5.0 on model LD421-21WV.