CVE-2023-47674
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.4%
Missing authentication for critical function vulnerability in First Corporation’s DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| c-first | cfr-1004ea_firmware | - | cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1004ea | - | cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:* |
| c-first | cfr-1008ea_firmware | - | cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1008ea | - | cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:* |
| c-first | cfr-1016ea_firmware | - | cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-1016ea | - | cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:* |
| c-first | cfr-16eaa_firmware | - | cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-16eaa | - | cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:* |
| c-first | cfr-16eab_firmware | - | cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:* |
| c-first | cfr-16eab | - | cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
43.4%