CVE-2023-47213

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47213
First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU99077347/ Third Party Advisory
https://www.c-first.co.jp/information/ddososhirase/ Vendor Advisory
https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:c-first:cfr-16eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eha:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:c-first:cfr-16ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16ehd:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:c-first:cfr-4eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eaa:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:c-first:cfr-4eaam_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eaam:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:c-first:cfr-4eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eab:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:c-first:cfr-4eabc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eabc:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:c-first:cfr-4eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eha:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:c-first:cfr-4ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4ehd:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:c-first:cfr-8eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8eaa:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:c-first:cfr-8eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8eab:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:c-first:cfr-8eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8eha:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:c-first:cfr-8ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8ehd:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:c-first:cfr-904e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-904e:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:c-first:cfr-908e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-908e:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:c-first:cfr-916e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-916e:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:c-first:md-404aa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404aa:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:c-first:md-404ab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404ab:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:c-first:md-404ha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404ha:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:c-first:md-404hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404hd:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:c-first:md-808aa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808aa:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:c-first:md-808ab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808ab:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:c-first:md-808ha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808ha:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:c-first:md-808hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808hd:-:*:*:*:*:*:*:*
History

05 Dec 2023, 19:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CPE cpe:2.3:h:c-first:cfr-908e:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808ha:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4ehd:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8eab:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404hd:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-8eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16ehd:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404ab:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4eaam_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-404ha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eabc:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eab:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-1004ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eab:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808ab:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404aa:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8eaa:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-8eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eha:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-8ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808aa:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4eabc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-404hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-808ab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-808ha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-908e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4eha_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-904e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-4ehd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-916e_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eha:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-808aa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eaam:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-916e:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-16eaa:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-1016ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16eaa_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-16eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-4eaa:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-808hd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-808hd:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-8eab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1004ea:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1016ea:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-404ab_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8eha:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-904e:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:md-404ha:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-1008ea:-:*:*:*:*:*:*:*
cpe:2.3:h:c-first:cfr-8ehd:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:cfr-1008ea_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:c-first:md-404aa_firmware:-:*:*:*:*:*:*:*
CWE CWE-798
References () https://jvn.jp/en/vu/JVNVU99077347/ - () https://jvn.jp/en/vu/JVNVU99077347/ - Third Party Advisory
References () https://www.c-first.co.jp/information/ddososhirase/ - () https://www.c-first.co.jp/information/ddososhirase/ - Vendor Advisory
References () https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf - () https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf - Vendor Advisory
First Time C-first cfr-4ehd Firmware
C-first cfr-16eab Firmware
C-first cfr-4eabc Firmware
C-first cfr-1008ea
C-first cfr-8eab Firmware
C-first md-808ha Firmware
C-first cfr-8ehd Firmware
C-first cfr-16eaa
C-first cfr-4eaam Firmware
C-first cfr-904e Firmware
C-first md-808aa
C-first cfr-16ehd Firmware
C-first cfr-8eha
C-first cfr-4eab
C-first
C-first cfr-916e
C-first cfr-1016ea
C-first cfr-8ehd
C-first cfr-904e
C-first cfr-908e Firmware
C-first cfr-8eaa Firmware
C-first md-404aa Firmware
C-first cfr-4eabc
C-first md-808hd Firmware
C-first cfr-4eab Firmware
C-first md-808aa Firmware
C-first md-404ha Firmware
C-first cfr-916e Firmware
C-first md-404ab
C-first cfr-4eha Firmware
C-first md-404aa
C-first cfr-1008ea Firmware
C-first cfr-8eha Firmware
C-first cfr-16ehd
C-first cfr-1004ea Firmware
C-first cfr-16eaa Firmware
C-first md-404hd Firmware
C-first cfr-1004ea
C-first cfr-8eab
C-first cfr-908e
C-first md-808ab Firmware
C-first cfr-8eaa
C-first md-808ha
C-first cfr-4eaam
C-first md-404ab Firmware
C-first md-404ha
C-first md-404hd
C-first cfr-16eab
C-first cfr-4eha
C-first md-808hd
C-first cfr-16eha
C-first cfr-1016ea Firmware
C-first cfr-16eha Firmware
C-first cfr-4ehd
C-first cfr-4eaa
C-first md-808ab
C-first cfr-4eaa Firmware

16 Nov 2023, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-16 08:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-47213

Mitre link : CVE-2023-47213

CVE.ORG link : CVE-2023-47213

JSON object : View

Products Affected

c-first

  • cfr-4eab_firmware
  • cfr-4eha_firmware
  • md-808aa_firmware
  • md-808hd_firmware
  • cfr-16ehd
  • md-404ab_firmware
  • cfr-16eha
  • cfr-916e
  • cfr-908e
  • md-808ab
  • md-808ha
  • cfr-1004ea
  • cfr-1016ea_firmware
  • md-808ab_firmware
  • cfr-4eha
  • cfr-8ehd_firmware
  • md-404ha_firmware
  • cfr-4eaa_firmware
  • cfr-1016ea
  • cfr-904e
  • cfr-8eab
  • cfr-8eha
  • cfr-4eaam_firmware
  • md-808ha_firmware
  • md-404ab
  • cfr-908e_firmware
  • cfr-916e_firmware
  • cfr-8ehd
  • cfr-8eaa
  • cfr-1008ea_firmware
  • md-404hd_firmware
  • cfr-4eabc_firmware
  • cfr-16eab
  • md-404hd
  • cfr-16eab_firmware
  • cfr-4ehd_firmware
  • md-404aa
  • md-404aa_firmware
  • md-404ha
  • md-808hd
  • cfr-904e_firmware
  • cfr-1004ea_firmware
  • cfr-1008ea
  • cfr-8eab_firmware
  • cfr-4ehd
  • cfr-4eaam
  • cfr-16eaa_firmware
  • cfr-4eab
  • cfr-16eaa
  • cfr-8eha_firmware
  • cfr-8eaa_firmware
  • cfr-4eaa
  • cfr-16ehd_firmware
  • cfr-4eabc
  • cfr-16eha_firmware
  • md-808aa
CWE
CWE-798

Use of Hard-coded Credentials