First published: Thu Nov 16 2023(Updated: )
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
C-first Cfr-1004ea | ||
C-first Cfr | ||
All of | ||
C-first Cfr-1008ea Firmware | ||
C-first Cfr-1008ea Firmware | ||
All of | ||
C-first Cfr-1016ea Firmware | ||
C-first Cfr-1016ea Firmware | ||
All of | ||
C-first Cfr-16eaa | ||
C-first Cfr | ||
All of | ||
C-first Cfr-16eab | ||
C-first | ||
All of | ||
C-first Cfr-16eha | ||
C-first Cfr | ||
All of | ||
C-first Cfr-16ehd | ||
C-first Cfr | ||
All of | ||
C-first Cfr-4eaa | ||
C-first | ||
All of | ||
C-first Cfr | ||
C-first Cfr | ||
All of | ||
C-first Cfr-4eab | ||
C-first Cfr | ||
All of | ||
C-first Firmware | ||
C-first | ||
All of | ||
C-first Cfr-4eha Firmware | ||
C-first Cfr-4eha Firmware | ||
All of | ||
C-first Cfr-4ehd | ||
C-first | ||
All of | ||
C-first Cfr | ||
C-first Cfr | ||
All of | ||
C-first Cfr-8eab Firmware | ||
C-first Cfr-8eab Firmware | ||
All of | ||
C-first Cfr-8eha | ||
C-first Cfr-8eha Firmware | ||
All of | ||
C-first Cfr-8ehd | ||
C-first Cfr-8eha | ||
All of | ||
C-first Cfr-904e | ||
C-first Cfr | ||
All of | ||
C-first Cfr-908e Firmware | ||
C-first Cfr-908e Firmware | ||
All of | ||
C-first Cfr-916e | ||
C-first Cfr | ||
All of | ||
C-first Md-404aa Firmware | ||
C-first Md-404aa Firmware | ||
All of | ||
C-first Md-404ab | ||
C-first Md-404ab Firmware | ||
All of | ||
C-first Md-404ha | ||
C-first Md-404ha Firmware | ||
All of | ||
C-first Md-404hd | ||
C-first Md-404hd Firmware | ||
All of | ||
C-first Md-808aa Firmware | ||
C-first Md-808aa Firmware | ||
All of | ||
C-first Md-808ab | ||
C-first Md-808ab Firmware | ||
All of | ||
C-first Md-808ha Firmware | ||
C-first Md-808ha Firmware | ||
All of | ||
C-first Md-808hd | ||
C-first Md-808hd Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-47213 has a high severity, allowing remote unauthenticated access to configure settings on vulnerable DVR models.
To fix CVE-2023-47213, users should update their affected DVR devices to the latest firmware version provided by First Corporation.
CVE-2023-47213 affects various models including CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB.
An attacker exploiting CVE-2023-47213 can rewrite or obtain configuration information of the affected DVR devices.
Yes, CVE-2023-47213 remains a persistent vulnerability unless the affected devices are updated to secure firmware versions.