{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-28704", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "dateUpdated": "2024-08-02T13:43:23.897Z", "dateReserved": "2023-03-21T00:00:00", "datePublished": "2023-06-02T00:00:00"}, "containers": {"cna": {"title": "Furbo dog camera - Command Injection", "datePublic": "2023-05-30T00:00:00", "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2023-06-02T00:00:00"}, "descriptions": [{"lang": "en", "value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."}], "affected": [{"vendor": "Furbo", "product": "dog camera fireware", "versions": [{"version": "542", "status": "affected"}]}], "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html"}], "credits": [{"lang": "en", "value": "Lee Pu, Weber Tasi, KaiChing Wang (CHT Security)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "cweId": "CWE-77"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "TVN-202305006", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:43:23.897Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:furbo:dog_camera:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADC598A4-1514-409A-9323-1EBFA25762CF", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:furbo:dog_camera_firmware:542:*:*:*:*:*:*:*", "matchCriteriaId": "F8603241-9310-43DC-A857-E6165FE2607F", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."}, {"lang": "es", "value": "La c\u00e1mara para perros Furbo tiene un filtrado insuficiente para el par\u00e1metro especial de la funci\u00f3n de gesti\u00f3n del registro del dispositivo. Un atacante remoto no autenticado en la red Bluetooth con privilegios de usuario normales puede explotar esta vulnerabilidad para realizar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios del sistema o interrumpir el servicio. "}], "id": "CVE-2023-28704", "lastModified": "2023-06-09T18:22:24.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}]}, "published": "2023-06-02T11:15:10.650", "references": [{"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}