All the vulnerabilites related to KbDevice, Inc. - KB-AHR16D firmware
jvndb-2023-002055
Vulnerability from jvndb
Published
2023-06-07 11:52
Modified
2024-05-24 15:57
Severity ?
Summary
Multiple vulnerabilities in KbDevice digital video recorders
Details
Multiple digital video recorders provided by KbDevice,Inc. contain multiple vulnerabilities listed below.
* Improper authentication (CWE-287) - CVE-2023-30762
* OS command injection (CWE-78) - CVE-2023-30764
* Hidden functionality (CWE-912) - CVE-2023-30766
Yoshiki Mori, Ushimaru Hayato, Hiromu Kubiura and Masaki Kubo of National Institute of Information and Communications Technology Cybersecurity Research Institute reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
▼ | Type | URL |
---|---|---|
JVN | https://jvn.jp/en/vu/JVNVU90812349/index.html | |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-30762 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-30764 | |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-30766 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-30762 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-30764 | |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-30766 | |
Improper Authentication(CWE-287) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
Hidden Functionality(CWE-912) | https://cwe.mitre.org/data/definitions/912.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002055.html", "dc:date": "2024-05-24T15:57+09:00", "dcterms:issued": "2023-06-07T11:52+09:00", "dcterms:modified": "2024-05-24T15:57+09:00", "description": "Multiple digital video recorders provided by KbDevice,Inc. contain multiple vulnerabilities listed below.\r\n\r\n * Improper authentication (CWE-287) - CVE-2023-30762\r\n * OS command injection (CWE-78) - CVE-2023-30764\r\n * Hidden functionality (CWE-912) - CVE-2023-30766\r\n\r\nYoshiki Mori, Ushimaru Hayato, Hiromu Kubiura and Masaki Kubo of National Institute of Information and Communications Technology Cybersecurity Research Institute reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.", "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002055.html", "sec:cpe": [ { "#text": "cpe:/o:kbdevice:kb-ahr04d_firmware", "@product": "KB-AHR04D firmware", "@vendor": "KbDevice, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:kbdevice:kb-ahr08d_firmware", "@product": "KB-AHR08D firmware", "@vendor": "KbDevice, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:kbdevice:kb-ahr16d_firmware", "@product": "KB-AHR16D firmware", "@vendor": "KbDevice, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:kbdevice:kb-irip04a_firmware", "@product": "KB-IRIP04A firmware", "@vendor": "KbDevice, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:kbdevice:kb-irip08a_firmware", "@product": "KB-IRIP08A firmware", "@vendor": "KbDevice, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:kbdevice:kb-irip16a_firmware", "@product": "KB-IRIP16A firmware", "@vendor": "KbDevice, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2023-002055", "sec:references": [ { "#text": "https://jvn.jp/en/vu/JVNVU90812349/index.html", "@id": "JVNVU#90812349", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-30762", "@id": "CVE-2023-30762", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-30764", "@id": "CVE-2023-30764", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2023-30766", "@id": "CVE-2023-30766", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30762", "@id": "CVE-2023-30762", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30764", "@id": "CVE-2023-30764", "@source": "NVD" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30766", "@id": "CVE-2023-30766", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-287", "@title": "Improper Authentication(CWE-287)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" }, { "#text": "https://cwe.mitre.org/data/definitions/912.html", "@id": "CWE-912", "@title": "Hidden Functionality(CWE-912)" } ], "title": "Multiple vulnerabilities in KbDevice digital video recorders" }