CVE-2023-40158

Summary

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

Affected Software

VendorProductVersion RangeStatus
CBC Co.,Ltd.NR4H, NR8H, NR16H seriesfirmware all versionsaffected
CBC Co.,Ltd.DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 seriesfirmware all versionsaffected
CBC Co.,Ltd.NR-4M, NR-8M, NR-16M seriesfirmware all versionsaffected
CBC Co.,Ltd.NR-4F, NR-8F, NR-16F seriesfirmware all versionsaffected
CBC Co.,Ltd.DR-16M, DR-8M, DR-4M51 seriesfirmware all versionsaffected

Weaknesses

  • Hidden Functionality

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References