cve-2023-40144
Vulnerability from cvelistv5
Published
2023-08-23 03:09
Modified
2024-08-02 18:24
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://download.ganzsecurity.pl/ | Product | |
| vultures@jpcert.or.jp | https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice | Vendor Advisory | |
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU92545432/ | Third Party Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.ganzsecurity.pl/"
},
{
"tags": [
"x_transferred"
],
"url": "https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92545432/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NR4H, NR8H, NR16H series",
"vendor": "CBC Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series",
"vendor": "CBC Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "NR-4M, NR-8M, NR-16M series",
"vendor": "CBC Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "NR-4F, NR-8F, NR-16F series",
"vendor": "CBC Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
},
{
"product": "DR-16M, DR-8M, DR-4M51 series",
"vendor": "CBC Co.,Ltd.",
"versions": [
{
"status": "affected",
"version": "firmware all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T03:09:26.960Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://download.ganzsecurity.pl/"
},
{
"url": "https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92545432/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-40144",
"datePublished": "2023-08-23T03:09:26.960Z",
"dateReserved": "2023-08-10T08:28:15.173Z",
"dateUpdated": "2024-08-02T18:24:55.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-40144\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2023-08-23T04:15:10.960\",\"lastModified\":\"2023-08-29T14:34:01.297\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr4h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D09FCA-C931-4149-9593-DDAACACF989A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr4h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"440E2421-F16E-4EF7-91E7-11C2E88E158A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr8h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB9F041-9B98-4B9B-B955-44F286DCB6B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr8h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC121D8-6114-46DB-85D5-B42BADED711F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr16h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F9B6CD-076C-470E-B2F5-8F95B748205B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr16h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22367B7F-747B-47B2-A77A-1EB313C6DC1A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-16f42a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D7E7AEB-5918-4A72-BB30-CCDE5D76B611\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-16f42a_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"393123C5-C07A-49D2-9048-D05F0DBA21A6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-16f45at:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA6A51A-413C-4D9E-ADA7-CB020C842A40\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-16f45at_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C12A869-BFEB-4AD6-B42E-3B7C201C0469\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-8f42a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FBC8856-A81F-4940-9AC5-0B2837E85B59\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-8f42a_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13CC2787-3556-4ABD-B421-D33F739F8BA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-8f45at_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DD422B3-3629-41A8-9AFE-546DAA6D9AB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-8f45at:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD260198-596B-4652-821E-EEF76DDCB009\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-4fx1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"567B4EA0-BDFF-4776-97C7-6BA7922C3A81\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-4fx1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790B191A-587B-46A8-BDD3-7490CA0386AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-16h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43C72656-A5D6-4EC1-8783-4126A8467B49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-16h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBC904C3-9968-44E8-A950-2063EFED7594\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-8h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"857C045C-7B05-418A-9B76-F7CF92DC3529\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-8h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE22FB36-8C63-4043-B946-5B0B52AAA673\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-4h_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9848D33D-856B-48F6-9B22-39C484FAE517\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-4h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08E6F86D-5096-4E57-AC87-AD7C2A5FDD89\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:drh8-4m41-a_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD5FA22C-14B2-4D5D-8CAF-FB639D8D7413\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:drh8-4m41-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7429E425-CEE9-4EFA-BEC9-540B05C14D2F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr8-4m71_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC4FE6A-CE54-4832-86D3-EF657D0CCABE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr8-4m71:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE82830E-3175-4E01-BFE1-1AC6BB0BBC56\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr8-8m72_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"842DE8A0-42DA-4FA6-A1C7-B0BCF1AAE6AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr8-8m72:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3859842-DDD5-42C4-9851-53F5B57C3BDB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr-16m_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E83004-3CBA-49FF-A56B-31D1C43C9AD3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr-16m:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7388B198-7FC7-425C-9010-6318152C31C5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr-16f85-8pra_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E73FFD18-D02D-4839-8B96-329ADA023E25\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr-16f85-8pra:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F65A63D-6E18-4E8B-B522-29D779FCCC02\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr-16f82-16p_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FB2DD05-9395-4FC1-9373-4E3E62E5466A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr-16f82-16p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF663900-CCEE-4B7B-9B0F-FDC5ED6A9BC5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr-4f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A17C2D93-CC7D-49A7-9DC2-0904D49B5B1C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr-4f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86B970D5-2B50-428B-99E2-26FAF58AF3AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:nr-8f_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"075EB5D7-3393-42DB-B02B-9EB95FFEB581\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:nr-8f:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC92528-D4E9-4FA0-8DF0-B77B0906D172\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-16m52_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5857E49-3622-4D19-A4D0-7722073B6EB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-16m52:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20DD9CAB-6C1F-4F58-86FF-55FABCAECFA6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-16m52-av_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD6EAFC-C0E9-48E2-BFCB-4F68C2E96B52\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-16m52-av:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B150D004-A32C-4EDC-B2DC-96E073ECA355\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-8m52-av_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D58A580-4F08-4AD7-A05B-9DDDC80FC94A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-8m52-av:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3678B910-1E58-4735-9C48-14192BDA08AD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cbc:dr-4m51-av_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBB9F25-40E3-45AB-A6C6-BA150D065978\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cbc:dr-4m51-av:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"487D9746-08BA-4747-BDD5-4A481232BF06\"}]}]}],\"references\":[{\"url\":\"https://download.ganzsecurity.pl/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\"]},{\"url\":\"https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/vu/JVNVU92545432/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.