CVE-2023-47674

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
16/11/2023
Last modified:
11/06/2025

Description

Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eha:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16ehd:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4eaa_firmware:-:*:*:*:*:*:*:*