Vulnerability Details CVE-2023-47674
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.7%
CVSS Severity
CVSS v3 Score 9.8
References
- https://jvn.jp/en/vu/JVNVU99077347/
- https://www.c-first.co.jp/information/ddososhirase/
- https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf
- https://jvn.jp/en/vu/JVNVU99077347/
- https://www.c-first.co.jp/information/ddososhirase/
- https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf
Products affected by CVE-2023-47674
-
cpe:2.3:h:c-first:cfr-1004ea:-
-
cpe:2.3:h:c-first:cfr-1008ea:-
-
cpe:2.3:h:c-first:cfr-1016ea:-
-
cpe:2.3:h:c-first:cfr-16eaa:-
-
cpe:2.3:h:c-first:cfr-16eab:-
-
cpe:2.3:h:c-first:cfr-16eha:-
-
cpe:2.3:h:c-first:cfr-16ehd:-
-
cpe:2.3:h:c-first:cfr-4eaa:-
-
cpe:2.3:h:c-first:cfr-4eaam:-
-
cpe:2.3:h:c-first:cfr-4eab:-
-
cpe:2.3:h:c-first:cfr-4eabc:-
-
cpe:2.3:h:c-first:cfr-4eha:-
-
cpe:2.3:h:c-first:cfr-4ehd:-
-
cpe:2.3:h:c-first:cfr-8eaa:-
-
cpe:2.3:h:c-first:cfr-8eab:-
-
cpe:2.3:h:c-first:cfr-8eha:-
-
cpe:2.3:h:c-first:cfr-8ehd:-
-
cpe:2.3:h:c-first:cfr-904e:-
-
cpe:2.3:h:c-first:cfr-908e:-
-
cpe:2.3:h:c-first:cfr-916e:-
-
cpe:2.3:h:c-first:md-404aa:-
-
cpe:2.3:h:c-first:md-404ab:-
-
cpe:2.3:h:c-first:md-404ha:-
-
cpe:2.3:h:c-first:md-404hd:-
-
cpe:2.3:h:c-first:md-808aa:-
-
cpe:2.3:h:c-first:md-808ab:-
-
cpe:2.3:h:c-first:md-808ha:-
-
cpe:2.3:h:c-first:md-808hd:-
-
cpe:2.3:o:c-first:cfr-1004ea_firmware:-
-
cpe:2.3:o:c-first:cfr-1008ea_firmware:-
-
cpe:2.3:o:c-first:cfr-1016ea_firmware:-
-
cpe:2.3:o:c-first:cfr-16eaa_firmware:-
-
cpe:2.3:o:c-first:cfr-16eab_firmware:-
-
cpe:2.3:o:c-first:cfr-16eha_firmware:-
-
cpe:2.3:o:c-first:cfr-16ehd_firmware:-
-
cpe:2.3:o:c-first:cfr-4eaa_firmware:-
-
cpe:2.3:o:c-first:cfr-4eaam_firmware:-
-
cpe:2.3:o:c-first:cfr-4eab_firmware:-
-
cpe:2.3:o:c-first:cfr-4eabc_firmware:-
-
cpe:2.3:o:c-first:cfr-4eha_firmware:-
-
cpe:2.3:o:c-first:cfr-4ehd_firmware:-
-
cpe:2.3:o:c-first:cfr-8eaa_firmware:-
-
cpe:2.3:o:c-first:cfr-8eab_firmware:-
-
cpe:2.3:o:c-first:cfr-8eha_firmware:-
-
cpe:2.3:o:c-first:cfr-8ehd_firmware:-
-
cpe:2.3:o:c-first:cfr-904e_firmware:-
-
cpe:2.3:o:c-first:cfr-908e_firmware:-
-
cpe:2.3:o:c-first:cfr-916e_firmware:-
-
cpe:2.3:o:c-first:md-404aa_firmware:-
-
cpe:2.3:o:c-first:md-404ab_firmware:-
-
cpe:2.3:o:c-first:md-404ha_firmware:-
-
cpe:2.3:o:c-first:md-404hd_firmware:-
-
cpe:2.3:o:c-first:md-808aa_firmware:-
-
cpe:2.3:o:c-first:md-808ab_firmware:-
-
cpe:2.3:o:c-first:md-808ha_firmware:-
-
cpe:2.3:o:c-first:md-808hd_firmware:-