CVE-2023-47213

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-798
View all →

Vulnerability Description

First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround.

Related Vulnerabilities

CVE-2005-0496

CRITICAL
CVSS:9.8(Critical)

Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

CWE-7982005

CVE-2008-0961

CRITICAL
CVSS:9.8(Critical)

EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface.

CWE-7982008

CVE-2008-1160

CRITICAL
CVSS:9.8(Critical)

ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra processes that is not changed when it is set by a user, which allows remote attackers to gain privileges.

CWE-7982008

CVE-2009-5154

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.

CWE-7982009

CVE-2010-1573

CRITICAL
CVSS:9.8(Critical)

Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitra...

CWE-7982010

CVE-2012-2166

CRITICAL
CVSS:9.8(Critical)

IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remot...

CWE-7982012