Lucene search
JpcertCVE-2023-47213HistoryNov 16, 2023 - 8:15 a.m.
CVE-2023-47213
2023-11-1608:15:32
CWE-798
jpcert
web.nvd.nist.gov
15
cvr-2023-47213
first corporation
dvrs
hard-coded password
remote attack
configuration information
security update
nvd
vulnerability fix
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.001
Percentile
42.3%
First Corporation’s DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Affected configurations
Node
c-firstcfr-1004ea_firmwareMatch-
c-firstcfr-1004eaMatch-
Node
c-firstcfr-1008ea_firmwareMatch-
c-firstcfr-1008eaMatch-
Node
c-firstcfr-1016ea_firmwareMatch-
c-firstcfr-1016eaMatch-
Node
c-firstcfr-16eaa_firmwareMatch-
c-firstcfr-16eaaMatch-
Node
c-firstcfr-16eab_firmwareMatch-
c-firstcfr-16eabMatch-
Node
c-firstcfr-16eha_firmwareMatch-
c-firstcfr-16ehaMatch-
Node
c-firstcfr-16ehd_firmwareMatch-
c-firstcfr-16ehdMatch-
Node
c-firstcfr-4eaa_firmwareMatch-
c-firstcfr-4eaaMatch-
Node
c-firstcfr-4eaam_firmwareMatch-
c-firstcfr-4eaamMatch-
Node
c-firstcfr-4eab_firmwareMatch-
c-firstcfr-4eabMatch-
Node
c-firstcfr-4eabc_firmwareMatch-
c-firstcfr-4eabcMatch-
Node
c-firstcfr-4eha_firmwareMatch-
c-firstcfr-4ehaMatch-
Node
c-firstcfr-4ehd_firmwareMatch-
c-firstcfr-4ehdMatch-
Node
c-firstcfr-8eaa_firmwareMatch-
c-firstcfr-8eaaMatch-
Node
c-firstcfr-8eab_firmwareMatch-
c-firstcfr-8eabMatch-
Node
c-firstcfr-8eha_firmwareMatch-
c-firstcfr-8ehaMatch-
Node
c-firstcfr-8ehd_firmwareMatch-
c-firstcfr-8ehdMatch-
Node
c-firstcfr-904e_firmwareMatch-
c-firstcfr-904eMatch-
Node
c-firstcfr-908e_firmwareMatch-
c-firstcfr-908eMatch-
Node
c-firstcfr-916e_firmwareMatch-
c-firstcfr-916eMatch-
Node
c-firstmd-404aa_firmwareMatch-
c-firstmd-404aaMatch-
Node
c-firstmd-404ab_firmwareMatch-
c-firstmd-404abMatch-
Node
c-firstmd-404ha_firmwareMatch-
c-firstmd-404haMatch-
Node
c-firstmd-404hd_firmwareMatch-
c-firstmd-404hdMatch-
Node
c-firstmd-808aa_firmwareMatch-
c-firstmd-808aaMatch-
Node
c-firstmd-808ab_firmwareMatch-
c-firstmd-808abMatch-
Node
c-firstmd-808ha_firmwareMatch-
c-firstmd-808haMatch-
Node
c-firstmd-808hd_firmwareMatch-
c-firstmd-808hdMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| c-first | cfr-1004ea_firmware | - | cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1004ea | - | cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:* |
| c-first | cfr-1008ea_firmware | - | cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1008ea | - | cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:* |
| c-first | cfr-1016ea_firmware | - | cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1016ea | - | cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:* |
| c-first | cfr-16eaa_firmware | - | cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-16eaa | - | cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:* |
| c-first | cfr-16eab_firmware | - | cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-16eab | - | cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "First Co., Ltd.",
"product": "CFR-904E, CFR-908E, CFR-916E",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EHD, CFR-8EHD, CFR-16EHD",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EHA, CFR-8EHA, CFR-16EHA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAAM, CFR-4EABC",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAA, CFR-8EAA, CFR-16EAA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAB, CFR-8EAB, CFR-16EAB",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-1004EA, CFR-1008EA, CFR-1016EA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404HD, MD-808HD",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404HA, MD-808HA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404AA, MD-808AA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404AB, MD-808AB",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-47213
2023-11-16 08:15:32
prion
prion
Hardcoded credentials
2023-11-16 08:15:00
cvelist
cvelist
CVE-2023-47213
2023-11-16 07:29:28
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.001
Percentile
42.3%
Related for CVE-2023-47213