TROYANOSYVIRUS
Back to CVEs

CVE-2023-47674

CRITICAL
9.8

Description

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/16/2023
Last Modified6/11/2025
Sourcenvd
Honeypot Sightings0

Affected Products

c-first:cfr-1004eac-first:cfr-1004ea_firmwarec-first:cfr-1008eac-first:cfr-1008ea_firmwarec-first:cfr-1016eac-first:cfr-1016ea_firmwarec-first:cfr-16eaac-first:cfr-16eaa_firmwarec-first:cfr-16eabc-first:cfr-16eab_firmwarec-first:cfr-16ehac-first:cfr-16eha_firmwarec-first:cfr-16ehdc-first:cfr-16ehd_firmwarec-first:cfr-4eaac-first:cfr-4eaa_firmwarec-first:cfr-4eaamc-first:cfr-4eaam_firmwarec-first:cfr-4eabc-first:cfr-4eab_firmwarec-first:cfr-4eabcc-first:cfr-4eabc_firmwarec-first:cfr-4ehac-first:cfr-4eha_firmwarec-first:cfr-4ehdc-first:cfr-4ehd_firmwarec-first:cfr-8eaac-first:cfr-8eaa_firmwarec-first:cfr-8eabc-first:cfr-8eab_firmwarec-first:cfr-8ehac-first:cfr-8eha_firmwarec-first:cfr-8ehdc-first:cfr-8ehd_firmwarec-first:cfr-904ec-first:cfr-904e_firmwarec-first:cfr-908ec-first:cfr-908e_firmwarec-first:cfr-916ec-first:cfr-916e_firmwarec-first:md-404aac-first:md-404aa_firmwarec-first:md-404abc-first:md-404ab_firmwarec-first:md-404hac-first:md-404ha_firmwarec-first:md-404hdc-first:md-404hd_firmwarec-first:md-808aac-first:md-808aa_firmwarec-first:md-808abc-first:md-808ab_firmwarec-first:md-808hac-first:md-808ha_firmwarec-first:md-808hdc-first:md-808hd_firmware

Weaknesses (CWE)

CWE-306CWE-306

References

https://jvn.jp/en/vu/JVNVU99077347/(vultures@jpcert.or.jp)
https://www.c-first.co.jp/information/ddososhirase/(vultures@jpcert.or.jp)
https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf(vultures@jpcert.or.jp)
https://jvn.jp/en/vu/JVNVU99077347/(af854a3a-2127-422b-91ae-364da2661108)
https://www.c-first.co.jp/information/ddososhirase/(af854a3a-2127-422b-91ae-364da2661108)
https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.