CVE-2023-40144

Published: Aug 23, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

Vendor	Product	Versions
CBC Co.,Ltd.	NR4H, NR8H, NR16H series	affected `firmware all versions`
CBC Co.,Ltd.	DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series	affected `firmware all versions`
CBC Co.,Ltd.	NR-4M, NR-8M, NR-16M series	affected `firmware all versions`
CBC Co.,Ltd.	NR-4F, NR-8F, NR-16F series	affected `firmware all versions`
CBC Co.,Ltd.	DR-16M, DR-8M, DR-4M51 series	affected `firmware all versions`

References

https://download.ganzsecurity.pl/

https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice

https://jvn.jp/en/vu/JVNVU92545432/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-40144

Description

Affected Products

References