Lucene search
JpcertCVE-2023-47674HistoryNov 16, 2023 - 8:15 a.m.
CVE-2023-47674
2023-11-1608:15:33
CWE-306
jpcert
web.nvd.nist.gov
16
cve-2023-47674
first corporation
dvrs
authentication vulnerability
remote attacker
configuration information
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
43.4%
Missing authentication for critical function vulnerability in First Corporation’s DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Affected configurations
Node
c-firstcfr-1004ea_firmwareMatch-
c-firstcfr-1004eaMatch-
Node
c-firstcfr-1008ea_firmwareMatch-
c-firstcfr-1008eaMatch-
Node
c-firstcfr-1016ea_firmwareMatch-
c-firstcfr-1016eaMatch-
Node
c-firstcfr-16eaa_firmwareMatch-
c-firstcfr-16eaaMatch-
Node
c-firstcfr-16eab_firmwareMatch-
c-firstcfr-16eabMatch-
Node
c-firstcfr-16eha_firmwareMatch-
c-firstcfr-16ehaMatch-
Node
c-firstcfr-16ehd_firmwareMatch-
c-firstcfr-16ehdMatch-
Node
c-firstcfr-4eaa_firmwareMatch-
c-firstcfr-4eaaMatch-
Node
c-firstcfr-4eaam_firmwareMatch-
c-firstcfr-4eaamMatch-
Node
c-firstcfr-4eab_firmwareMatch-
c-firstcfr-4eabMatch-
Node
c-firstcfr-4eabc_firmwareMatch-
c-firstcfr-4eabcMatch-
Node
c-firstcfr-4eha_firmwareMatch-
c-firstcfr-4ehaMatch-
Node
c-firstcfr-4ehd_firmwareMatch-
c-firstcfr-4ehdMatch-
Node
c-firstcfr-8eaa_firmwareMatch-
c-firstcfr-8eaaMatch-
Node
c-firstcfr-8eab_firmwareMatch-
c-firstcfr-8eabMatch-
Node
c-firstcfr-8eha_firmwareMatch-
c-firstcfr-8ehaMatch-
Node
c-firstcfr-8ehd_firmwareMatch-
c-firstcfr-8ehdMatch-
Node
c-firstcfr-904e_firmwareMatch-
c-firstcfr-904eMatch-
Node
c-firstcfr-908e_firmwareMatch-
c-firstcfr-908eMatch-
Node
c-firstcfr-916e_firmwareMatch-
c-firstcfr-916eMatch-
Node
c-firstmd-404aa_firmwareMatch-
c-firstmd-404aaMatch-
Node
c-firstmd-404ab_firmwareMatch-
c-firstmd-404abMatch-
Node
c-firstmd-404ha_firmwareMatch-
c-firstmd-404haMatch-
Node
c-firstmd-404hd_firmwareMatch-
c-firstmd-404hdMatch-
Node
c-firstmd-808aa_firmwareMatch-
c-firstmd-808aaMatch-
Node
c-firstmd-808ab_firmwareMatch-
c-firstmd-808abMatch-
Node
c-firstmd-808ha_firmwareMatch-
c-firstmd-808haMatch-
Node
c-firstmd-808hd_firmwareMatch-
c-firstmd-808hdMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| c-first | cfr-1004ea_firmware | - | cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1004ea | - | cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:* |
| c-first | cfr-1008ea_firmware | - | cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1008ea | - | cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:* |
| c-first | cfr-1016ea_firmware | - | cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1016ea | - | cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:* |
| c-first | cfr-16eaa_firmware | - | cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-16eaa | - | cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:* |
| c-first | cfr-16eab_firmware | - | cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-16eab | - | cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "First Co., Ltd.",
"product": "CFR-904E, CFR-908E, CFR-916E",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EHD, CFR-8EHD, CFR-16EHD",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EHA, CFR-8EHA, CFR-16EHA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAAM, CFR-4EABC",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAA, CFR-8EAA, CFR-16EAA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAB, CFR-8EAB, CFR-16EAB",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-1004EA, CFR-1008EA, CFR-1016EA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404HD, MD-808HD",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404HA, MD-808HA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404AA, MD-808AA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404AB, MD-808AB",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2023-47674
2023-11-16 07:28:38
nvd
nvd
CVE-2023-47674
2023-11-16 08:15:33
prion
prion
Authentication flaw
2023-11-16 08:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
43.4%
Related for CVE-2023-47674