First published: Thu Nov 16 2023(Updated: )
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
C-first Cfr-1004ea | ||
C-first Cfr | ||
All of | ||
C-first Cfr-1008ea Firmware | ||
C-first Cfr-1008ea Firmware | ||
All of | ||
C-first Cfr-1016ea Firmware | ||
C-first Cfr-1016ea Firmware | ||
All of | ||
C-first Cfr-16eaa | ||
C-first Cfr | ||
All of | ||
C-first Cfr-16eab | ||
C-first | ||
All of | ||
C-first Cfr-16eha | ||
C-first Cfr | ||
All of | ||
C-first Cfr-16ehd | ||
C-first Cfr | ||
All of | ||
C-first Cfr-4eaa | ||
C-first | ||
All of | ||
C-first Cfr | ||
C-first Cfr | ||
All of | ||
C-first Cfr-4eab | ||
C-first Cfr | ||
All of | ||
C-first Firmware | ||
C-first | ||
All of | ||
C-first Cfr-4eha Firmware | ||
C-first Cfr-4eha Firmware | ||
All of | ||
C-first Cfr-4ehd | ||
C-first | ||
All of | ||
C-first Cfr | ||
C-first Cfr | ||
All of | ||
C-first Cfr-8eab Firmware | ||
C-first Cfr-8eab Firmware | ||
All of | ||
C-first Cfr-8eha | ||
C-first Cfr-8eha Firmware | ||
All of | ||
C-first Cfr-8ehd | ||
C-first Cfr-8eha | ||
All of | ||
C-first Cfr-904e | ||
C-first Cfr | ||
All of | ||
C-first Cfr-908e Firmware | ||
C-first Cfr-908e Firmware | ||
All of | ||
C-first Cfr-916e | ||
C-first Cfr | ||
All of | ||
C-first Md-404aa Firmware | ||
C-first Md-404aa Firmware | ||
All of | ||
C-first Md-404ab | ||
C-first Md-404ab Firmware | ||
All of | ||
C-first Md-404ha | ||
C-first Md-404ha Firmware | ||
All of | ||
C-first Md-404hd | ||
C-first Md-404hd Firmware | ||
All of | ||
C-first Md-808aa Firmware | ||
C-first Md-808aa Firmware | ||
All of | ||
C-first Md-808ab | ||
C-first Md-808ab Firmware | ||
All of | ||
C-first Md-808ha Firmware | ||
C-first Md-808ha Firmware | ||
All of | ||
C-first Md-808hd | ||
C-first Md-808hd Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-47674 is classified as a critical vulnerability due to its potential for remote unauthenticated access and configuration manipulation.
To resolve CVE-2023-47674, update the firmware to the latest version provided by First Corporation for affected DVR models.
CVE-2023-47674 affects various models of First Corporation's DVRs, including Cfr-4EABC, Cfr-4EAB, Cfr-8EAB, and others.
CVE-2023-47674 can be exploited by remote attackers without authentication, enabling them to alter or retrieve configuration settings.
Exploiting CVE-2023-47674 allows attackers to obtain sensitive configuration information from the affected DVR devices.