Published:2023/11/16 Last Updated:2023/11/16
JVNVU#99077347
Multiple vulnerabilities in First Corporation's DVRs
Overview
Digital Video Recorders (DVRs) provided by First Co., Ltd. contain multiple vulnerabilities.
Products Affected
- CFR-904E, CFR-908E, CFR-916E
- CFR-4EHD, CFR-8EHD, CFR-16EHD
- CFR-4EHA, CFR-8EHA, CFR-16EHA
- CFR-4EAAM, CFR-4EABC
- CFR-4EAA, CFR-8EAA, CFR-16EAA
- CFR-4EAB, CFR-8EAB, CFR-16EAB
- CFR-1004EA, CFR-1008EA, CFR-1016EA
- MD-404HD, MD-808HD
- MD-404HA, MD-808HA
- MD-404AA, MD-808AA
- MD-404AB, MD-808AB
Description
DVRs provided by First Co., Ltd. contain multiple vulnerabilities listed below.
Impact
A remote attacker may rewrite or obtain the configuration information of the affected device.
Solution
Update the Firmware
The developer provides the firmware updates for the following products.
- CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, MD-808AB: Late model
For products for which no firmware updates are provided, apply the workaround indicated by the developer.
For more information, refer to the information provided by the developer.
Vendor Status
References
-
NICTER Blog (Text in Japanese)
NICTER Observation Statistics - January to March 2022 / Rapid increase in the number of Mirai infected hosts in Japan
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Yoshiki Mori of National Institute of Information and Communications Technology Cybersecurity Research Institute reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-47213 |
|
CVE-2023-47674 |
|
| JVN iPedia |
|