Lucene search
HistoryApr 13, 2023 - 8:15 p.m.
CVE-2023-27748
cve-2023-27748
blackvue
firmware
authenticity check
backdoors
code execution
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.002
Percentile
51.7%
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
Affected configurations
Node
blackvuedr750-2ch_lte_firmwareMatch1.012_2022.10.26
blackvuedr750-2ch_lteMatch-
Node
blackvuedr750-2ch_ir_lte_firmwareMatch1.012_2022.10.26
blackvuedr750-2ch_ir_lteMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| blackvue | dr750-2ch_lte_firmware | 1.012_2022.10.26 | cpe:2.3:o:blackvue:dr750-2ch_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:* |
| blackvue | dr750-2ch_lte | - | cpe:2.3:h:blackvue:dr750-2ch_lte:-:*:*:*:*:*:*:* |
| blackvue | dr750-2ch_ir_lte_firmware | 1.012_2022.10.26 | cpe:2.3:o:blackvue:dr750-2ch_ir_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:* |
| blackvue | dr750-2ch_ir_lte | - | cpe:2.3:h:blackvue:dr750-2ch_ir_lte:-:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2023-04-13 20:15:00
cvelist
cvelist
CVE-2023-27748
2023-04-13 00:00:00
cve
cve
CVE-2023-27748
2023-04-13 20:15:16
githubexploit
githubexploit
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.002
Percentile
51.7%
Related for NVD:CVE-2023-27748