CVE-2023-47674

CRITICAL

First Corporation DVRs - Unauthenticated Configuration Rewrite and Information Disclosure

Description

A missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for late models of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. For the other products, apply the workaround.

Scores

CVSS v3 9.8
EPSS 0.0126
EPSS Percentile 65.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (28)
c-first/cfr-1004ea_firmware
c-first/cfr-1008ea_firmware
c-first/cfr-1016ea_firmware
c-first/cfr-16eaa_firmware
c-first/cfr-16eab_firmware
c-first/cfr-16eha_firmware
c-first/cfr-16ehd_firmware
c-first/cfr-4eaa_firmware
c-first/cfr-4eaam_firmware
c-first/cfr-4eab_firmware
... and 18 more
Published Nov 16, 2023
Tracked Since Feb 18, 2026