Missing authentication for critical function vulnerability in First Corporation’s DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
[
{
"vendor": "First Co., Ltd.",
"product": "CFR-904E, CFR-908E, CFR-916E",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EHD, CFR-8EHD, CFR-16EHD",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EHA, CFR-8EHA, CFR-16EHA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAAM, CFR-4EABC",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAA, CFR-8EAA, CFR-16EAA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-4EAB, CFR-8EAB, CFR-16EAB",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "CFR-1004EA, CFR-1008EA, CFR-1016EA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404HD, MD-808HD",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404HA, MD-808HA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404AA, MD-808AA",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
},
{
"vendor": "First Co., Ltd.",
"product": "MD-404AB, MD-808AB",
"versions": [
{
"version": "firmware all versions",
"status": "affected"
}
]
}
]