CVE-2023-47674

Summary

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

Affected Software

VendorProductVersion RangeStatus
First Co., Ltd.CFR-904E, CFR-908E, CFR-916Efirmware all versionsaffected
First Co., Ltd.CFR-4EHD, CFR-8EHD, CFR-16EHDfirmware all versionsaffected
First Co., Ltd.CFR-4EHA, CFR-8EHA, CFR-16EHAfirmware all versionsaffected
First Co., Ltd.CFR-4EAAM, CFR-4EABCfirmware all versionsaffected
First Co., Ltd.CFR-4EAA, CFR-8EAA, CFR-16EAAfirmware all versionsaffected
First Co., Ltd.CFR-4EAB, CFR-8EAB, CFR-16EABfirmware all versionsaffected
First Co., Ltd.CFR-1004EA, CFR-1008EA, CFR-1016EAfirmware all versionsaffected
First Co., Ltd.MD-404HD, MD-808HDfirmware all versionsaffected
First Co., Ltd.MD-404HA, MD-808HAfirmware all versionsaffected
First Co., Ltd.MD-404AA, MD-808AAfirmware all versionsaffected
First Co., Ltd.MD-404AB, MD-808ABfirmware all versionsaffected

Weaknesses

  • Missing authentication for critical function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References