CVE-2023-47674

Description

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

References

Link	Tags
https://www.c-first.co.jp/information/ddososhirase/	vendor advisory
https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf	vendor advisory
https://jvn.jp/en/vu/JVNVU99077347/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-47674?: CVE-2023-47674 has been scored as a critical severity vulnerability.
How to fix CVE-2023-47674?: To fix CVE-2023-47674, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-47674 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-47674 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-47674?: CVE-2023-47674 affects First Co., Ltd. CFR-904E, CFR-908E, CFR-916E, First Co., Ltd. CFR-4EHD, CFR-8EHD, CFR-16EHD, First Co., Ltd. CFR-4EHA, CFR-8EHA, CFR-16EHA, First Co., Ltd. CFR-4EAAM, CFR-4EABC, First Co., Ltd. CFR-4EAA, CFR-8EAA, CFR-16EAA, First Co., Ltd. CFR-4EAB, CFR-8EAB, CFR-16EAB, First Co., Ltd. CFR-1004EA, CFR-1008EA, CFR-1016EA, First Co., Ltd. MD-404HD, MD-808HD, First Co., Ltd. MD-404HA, MD-808HA, First Co., Ltd. MD-404AA, MD-808AA, First Co., Ltd. MD-404AB, MD-808AB.

Description

Category

CWE-306 – Missing Authentication for Critical Function

References

Frequently Asked Questions