MidnightBSD

Advisories for c-first

CVE-2023-47213

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for late models of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. For the other products, apply the workaround.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
c-first cfr-16eaa_firmware -
c-first cfr-4eabc_firmware -
c-first cfr-16ehd_firmware -
c-first cfr-16eab_firmware -
c-first cfr-8eha_firmware -
c-first cfr-1004ea_firmware -
c-first md-808ha_firmware -
c-first cfr-4eaam_firmware -
c-first md-404ab_firmware -
c-first cfr-8eab_firmware -
c-first cfr-16eha_firmware -
c-first md-404hd_firmware -
c-first cfr-8eaa_firmware -
c-first cfr-4eha_firmware -
c-first cfr-8ehd_firmware -
c-first cfr-1016ea_firmware -
c-first cfr-4ehd_firmware -
c-first md-808aa_firmware -
c-first cfr-904e_firmware -
c-first md-404ha_firmware -
c-first cfr-4eaa_firmware -
c-first cfr-908e_firmware -
c-first md-808ab_firmware -
c-first md-404aa_firmware -
c-first cfr-916e_firmware -
c-first cfr-1008ea_firmware -
c-first md-808hd_firmware -
c-first cfr-4eab_firmware -

CVE-2023-47674

A missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for late models of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. For the other products, apply the workaround.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
c-first cfr-16eaa_firmware -
c-first cfr-4eabc_firmware -
c-first cfr-16ehd_firmware -
c-first cfr-16eab_firmware -
c-first cfr-8eha_firmware -
c-first cfr-1004ea_firmware -
c-first md-808ha_firmware -
c-first cfr-4eaam_firmware -
c-first md-404ab_firmware -
c-first cfr-8eab_firmware -
c-first cfr-16eha_firmware -
c-first md-404hd_firmware -
c-first cfr-8eaa_firmware -
c-first cfr-4eha_firmware -
c-first cfr-8ehd_firmware -
c-first cfr-1016ea_firmware -
c-first cfr-4ehd_firmware -
c-first md-808aa_firmware -
c-first cfr-904e_firmware -
c-first md-404ha_firmware -
c-first cfr-4eaa_firmware -
c-first cfr-908e_firmware -
c-first md-808ab_firmware -
c-first md-404aa_firmware -
c-first cfr-916e_firmware -
c-first cfr-1008ea_firmware -
c-first md-808hd_firmware -
c-first cfr-4eab_firmware -