CVE-2023-47674 - OpenCVE

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
C-first	Cfr-1004ea Cfr-1004ea Firmware Cfr-1008ea Cfr-1008ea Firmware Cfr-1016ea Cfr-1016ea Firmware Cfr-16eaa Cfr-16eaa Firmware Cfr-16eab Cfr-16eab Firmware Cfr-16eha Cfr-16eha Firmware Cfr-16ehd Cfr-16ehd Firmware Cfr-4eaa Cfr-4eaa Firmware Cfr-4eaam Cfr-4eaam Firmware Cfr-4eab Cfr-4eab Firmware Cfr-4eabc Cfr-4eabc Firmware Cfr-4eha Cfr-4eha Firmware Cfr-4ehd Cfr-4ehd Firmware Cfr-8eaa Cfr-8eaa Firmware Cfr-8eab Cfr-8eab Firmware Cfr-8eha Cfr-8eha Firmware Cfr-8ehd Cfr-8ehd Firmware Cfr-904e Cfr-904e Firmware Cfr-908e Cfr-908e Firmware Cfr-916e Cfr-916e Firmware Md-404aa Md-404aa Firmware Md-404ab Md-404ab Firmware Md-404ha Md-404ha Firmware Md-404hd Md-404hd Firmware Md-808aa Md-808aa Firmware Md-808ab Md-808ab Firmware Md-808ha Md-808ha Firmware Md-808hd Md-808hd Firmware

Configuration 1 [-]

AND

cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:c-first:cfr-16eha_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-16eha:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:c-first:cfr-16ehd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-16ehd:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:c-first:cfr-4eaa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-4eaa:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:c-first:cfr-4eaam_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-4eaam:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:c-first:cfr-4eab_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-4eab:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:c-first:cfr-4eabc_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-4eabc:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:c-first:cfr-4eha_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-4eha:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:c-first:cfr-4ehd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-4ehd:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:c-first:cfr-8eaa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-8eaa:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:c-first:cfr-8eab_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-8eab:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:c-first:cfr-8eha_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-8eha:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:c-first:cfr-8ehd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-8ehd:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:c-first:cfr-904e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-904e:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:c-first:cfr-908e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-908e:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:c-first:cfr-916e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:cfr-916e:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:c-first:md-404aa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-404aa:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:c-first:md-404ab_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-404ab:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:c-first:md-404ha_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-404ha:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:c-first:md-404hd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-404hd:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:c-first:md-808aa_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-808aa:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:c-first:md-808ab_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-808ab:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:c-first:md-808ha_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-808ha:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:c-first:md-808hd_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:c-first:md-808hd:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/vu/JVNVU99077347/
https://www.c-first.co.jp/information/ddososhirase/
https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-11-16T07:28:38.522Z

Updated: 2024-08-02T21:16:43.197Z

Reserved: 2023-11-15T01:42:54.432Z

Link: CVE-2023-47674

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-16T08:15:33.147

Modified: 2023-12-05T19:11:17.703

Link: CVE-2023-47674

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object