CVE-2023-47674
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| First Co., Ltd. | CFR-904E, CFR-908E, CFR-916E | firmware all versions | affected |
| First Co., Ltd. | CFR-4EHD, CFR-8EHD, CFR-16EHD | firmware all versions | affected |
| First Co., Ltd. | CFR-4EHA, CFR-8EHA, CFR-16EHA | firmware all versions | affected |
| First Co., Ltd. | CFR-4EAAM, CFR-4EABC | firmware all versions | affected |
| First Co., Ltd. | CFR-4EAA, CFR-8EAA, CFR-16EAA | firmware all versions | affected |
| First Co., Ltd. | CFR-4EAB, CFR-8EAB, CFR-16EAB | firmware all versions | affected |
| First Co., Ltd. | CFR-1004EA, CFR-1008EA, CFR-1016EA | firmware all versions | affected |
| First Co., Ltd. | MD-404HD, MD-808HD | firmware all versions | affected |
| First Co., Ltd. | MD-404HA, MD-808HA | firmware all versions | affected |
| First Co., Ltd. | MD-404AA, MD-808AA | firmware all versions | affected |
| First Co., Ltd. | MD-404AB, MD-808AB | firmware all versions | affected |
Weaknesses
- Missing authentication for critical function
ADP Enrichment
CVE Program Container
Additional References
- https://www.c-first.co.jp/information/ddososhirase/
- https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf
- https://jvn.jp/en/vu/JVNVU99077347/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.c-first.co.jp/information/ddososhirase/
- https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf
- https://jvn.jp/en/vu/JVNVU99077347/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.