CVE-2023-40158 - Vulnerability Details

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01972.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Cbc	Dr-16f Dr-16f42a Dr-16f42a Firmware Dr-16f45at Dr-16f45at Firmware Dr-16h Dr-16h Firmware Dr-16m Dr-16m52 Dr-16m52-av Dr-16m52-av Firmware Dr-16m52 Firmware Dr-4f Dr-4fx1 Dr-4fx1 Firmware Dr-4h Dr-4h Firmware Dr-4m41 Dr-4m51 Dr-4m51-av Dr-4m51-av Firmware Dr-8f Dr-8f42a Dr-8f42a Firmware Dr-8f45at Dr-8f45at Firmware Dr-8h Dr-8h Firmware Dr-8m Dr-8m52-av Dr-8m52-av Firmware Drh8-4m41-a Drh8-4m41-a Firmware Nr-16f Nr-16f82-16p Nr-16f82-16p Firmware Nr-16f85-8pra Nr-16f85-8pra Firmware Nr-16m Nr-16m Firmware Nr-4f Nr-4f Firmware Nr-4m Nr-8f Nr-8f Firmware Nr-8m Nr16h Nr16h Firmware Nr4h Nr4h Firmware Nr8-4m71 Nr8-4m71 Firmware Nr8-8m72 Nr8-8m72 Firmware Nr8h Nr8h Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cbc:nr4h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr4h:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cbc:nr8h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8h:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cbc:nr16h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr16h:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cbc:dr-16f42a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16f42a:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cbc:dr-16f45at_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16f45at:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cbc:dr-8f42a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8f42a:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:cbc:dr-8f45at_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8f45at:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:cbc:dr-4fx1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4fx1:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cbc:dr-16h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16h:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cbc:dr-8h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8h:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cbc:dr-4h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4h:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:cbc:drh8-4m41-a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:drh8-4m41-a:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:cbc:nr8-4m71_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8-4m71:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:cbc:nr8-8m72_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8-8m72:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:cbc:nr-16m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16m:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:cbc:nr-16f85-8pra_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16f85-8pra:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:cbc:nr-16f82-16p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16f82-16p:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:cbc:nr-4f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-4f:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:cbc:nr-8f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-8f:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:cbc:dr-16m52_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16m52:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:cbc:dr-16m52-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16m52-av:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:cbc:dr-8m52-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8m52-av:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:cbc:dr-4m51-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4m51-av:-:*:*:*:*:*:*:*

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://download.ganzsecurity.pl/
https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice
https://jvn.jp/en/vu/JVNVU92545432/

History

Fri, 11 Oct 2024 22:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cbc dr-16f Cbc dr-16m Cbc dr-4f Cbc dr-4m41 Cbc dr-4m51 Cbc dr-8f Cbc dr-8m Cbc nr-16f Cbc nr-4m Cbc nr-8m
Weaknesses		CWE-912
CPEs		cpe:2.3:a:cbc:dr-4m51:::::::: cpe:2.3:h:cbc:dr-16f:::::::: cpe:2.3:h:cbc:dr-16m:::::::: cpe:2.3:h:cbc:dr-4f:::::::: cpe:2.3:h:cbc:dr-4m41:::::::: cpe:2.3:h:cbc:dr-8f:::::::: cpe:2.3:h:cbc:dr-8m:::::::: cpe:2.3:h:cbc:nr-16f:::::::: cpe:2.3:h:cbc:nr-4m:::::::: cpe:2.3:h:cbc:nr-8m::::::::
Vendors & Products		Cbc dr-16f Cbc dr-16m Cbc dr-4f Cbc dr-4m41 Cbc dr-4m51 Cbc dr-8f Cbc dr-8m Cbc nr-16f Cbc nr-4m Cbc nr-8m
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-08-23T02:51:29.372Z

Updated: 2024-10-11T21:56:59.562Z

Reserved: 2023-08-10T08:28:15.997Z

Link: CVE-2023-40158

Vulnrichment

Updated: 2024-08-02T18:24:55.605Z

NVD

Status : Modified

Published: 2023-08-23T03:15:08.397

Modified: 2024-11-21T08:18:53.610

Link: CVE-2023-40158

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object