CVE-2023-47674
Severity CVSS v4.0:
Pending analysis
Type:
CWE-306
Missing Authentication for Critical Function
Publication date:
16/11/2023
Last modified:
11/06/2025
Description
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16eha_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16eha:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-16ehd_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:c-first:cfr-16ehd:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:c-first:cfr-4eaa_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jvn.jp/en/vu/JVNVU99077347/
- https://www.c-first.co.jp/information/ddososhirase/
- https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf
- https://jvn.jp/en/vu/JVNVU99077347/
- https://www.c-first.co.jp/information/ddososhirase/
- https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf



