CVE-2023-47213
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
16/11/2023
Last modified:
21/10/2024
Description
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16eha_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16eha:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16ehd_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16ehd:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-4eaa_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



