Description
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- CBC Co.,Ltd. / DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 seriesfirmware all versions – firmware all versions
- CBC Co.,Ltd. / DR-16M, DR-8M, DR-4M51 seriesfirmware all versions – firmware all versions
- CBC Co.,Ltd. / NR-4F, NR-8F, NR-16F seriesfirmware all versions – firmware all versions
- CBC Co.,Ltd. / NR4H, NR8H, NR16H seriesfirmware all versions – firmware all versions
- CBC Co.,Ltd. / NR-4M, NR-8M, NR-16M seriesfirmware all versions – firmware all versions