CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
42.3%
First Corporation’s DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Vendor | Product | Version | CPE |
---|---|---|---|
c-first | cfr-1004ea_firmware | - | cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:* |
c-first | cfr-1004ea | - | cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:* |
c-first | cfr-1008ea_firmware | - | cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:* |
c-first | cfr-1008ea | - | cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:* |
c-first | cfr-1016ea_firmware | - | cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:* |
c-first | cfr-1016ea | - | cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:* |
c-first | cfr-16eaa_firmware | - | cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:* |
c-first | cfr-16eaa | - | cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:* |
c-first | cfr-16eab_firmware | - | cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:* |
c-first | cfr-16eab | - | cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:* |