CVE-2023-40158 - OpenCVE

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cbc	Dr-16f42a Dr-16f42a Firmware Dr-16f45at Dr-16f45at Firmware Dr-16h Dr-16h Firmware Dr-16m52 Dr-16m52-av Dr-16m52-av Firmware Dr-16m52 Firmware Dr-4fx1 Dr-4fx1 Firmware Dr-4h Dr-4h Firmware Dr-4m51-av Dr-4m51-av Firmware Dr-8f42a Dr-8f42a Firmware Dr-8f45at Dr-8f45at Firmware Dr-8h Dr-8h Firmware Dr-8m52-av Dr-8m52-av Firmware Drh8-4m41-a Drh8-4m41-a Firmware Nr-16f82-16p Nr-16f82-16p Firmware Nr-16f85-8pra Nr-16f85-8pra Firmware Nr-16m Nr-16m Firmware Nr-4f Nr-4f Firmware Nr-8f Nr-8f Firmware Nr16h Nr16h Firmware Nr4h Nr4h Firmware Nr8-4m71 Nr8-4m71 Firmware Nr8-8m72 Nr8-8m72 Firmware Nr8h Nr8h Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cbc:nr4h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr4h:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cbc:nr8h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8h:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cbc:nr16h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr16h:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cbc:dr-16f42a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16f42a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cbc:dr-16f45at_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16f45at:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cbc:dr-8f42a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8f42a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cbc:dr-8f45at_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8f45at:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cbc:dr-4fx1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4fx1:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cbc:dr-16h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16h:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cbc:dr-8h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8h:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cbc:dr-4h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4h:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:cbc:drh8-4m41-a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:drh8-4m41-a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:cbc:nr8-4m71_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8-4m71:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:cbc:nr8-8m72_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8-8m72:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:cbc:nr-16m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16m:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:cbc:nr-16f85-8pra_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16f85-8pra:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:cbc:nr-16f82-16p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16f82-16p:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:cbc:nr-4f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-4f:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:cbc:nr-8f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-8f:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:cbc:dr-16m52_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16m52:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:cbc:dr-16m52-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16m52-av:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:cbc:dr-8m52-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8m52-av:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:cbc:dr-4m51-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4m51-av:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.ganzsecurity.pl/
https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice
https://jvn.jp/en/vu/JVNVU92545432/

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-08-23T02:51:29.372Z

Updated: 2024-08-02T18:24:55.605Z

Reserved: 2023-08-10T08:28:15.997Z

Link: CVE-2023-40158

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-23T03:15:08.397

Modified: 2023-08-29T14:35:53.187

Link: CVE-2023-40158

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object