|
JVNDB-2023-007150
|
Multiple vulnerabilities in First Corporation's DVRs
|
DVRs provided by First Co., Ltd. contain the multiple vulnerabilities listed below.
* Use of hard-coded password (CWE-259) - CVE-2023-47213
* Missing authentication for critical function (CWE-306) - CVE-2023-47674
Yoshiki Mori of the National Institute of Information and Communications Technology Cybersecurity Research Institute reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 9.8 (Critical) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned to CVE-2023-47674.
|
CVSS V3 Severity: Base Metrics 8.1 (High) [Other]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base score has been assigned to CVE-2023-47213.
|
|
First Co., Ltd.
- CFR-1004EA firmware
- CFR-1008EA firmware
- CFR-1016EA firmware
- CFR-16EAA firmware
- CFR-16EAB firmware
- CFR-16EHA firmware
- CFR-16EHD firmware
- CFR-4EAA firmware
- CFR-4EAAM firmware
- CFR-4EAB firmware
- CFR-4EABC firmware
- CFR-4EHA firmware
- CFR-4EHD firmware
- CFR-8EAA firmware
- CFR-8EAB firmware
- CFR-8EHA firmware
- CFR-8EHD firmware
- CFR-904E firmware
- CFR-908E firmware
- CFR-916E firmware
- MD-404AA firmware
- MD-404AB firmware
- MD-404HA firmware
- MD-404HD firmware
- MD-808AA firmware
- MD-808AB firmware
- MD-808HA firmware
- MD-808HD firmware
|
|
A remote attacker may rewrite or obtain the configuration information of the affected device.
|
[Update the Firmware]
The developer provides firmware updates for the following products.
* CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, MD-808AB: Late model
[Apply the Workaround]
For products for which no firmware updates are provided, apply the workaround indicated by the developer.
For more information, refer to the information provided by the developer.
|
First Co., Ltd.
|
- Use of Hard-coded Password (CWE-259) [Other]
- Missing Authentication for Critical Function (CWE-306) [Other]
|
- CVE-2023-47213
- CVE-2023-47674
|
- JVN : JVNVU#99077347
- National Vulnerability Database (NVD) : CVE-2023-47213
- National Vulnerability Database (NVD) : CVE-2023-47674
- Related document : NICTER Blog (in Japanese)
|
- [2023/11/17] Web page was published
- [2024/07/11] References: Contents were added
|