CVE-2023-47674 Vulnerability Details

  /     /     /  

CVE-2023-47674 Metadata Quick Info

CVE Published: 16/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: jpcert | Vendor: First Co., Ltd. | Product: CFR-904E, CFR-908E, CFR-916E
Status : PUBLISHED

---

CVE-2023-47674 Description

Missing authentication for critical function vulnerability in First Corporation\'s DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Missing authentication for critical function
Source: First Co., Ltd.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).