CVE-2023-40144

OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://download.ganzsecurity.pl/	Product
https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice	Vendor Advisory
https://jvn.jp/en/vu/JVNVU92545432/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cbc:nr4h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr4h:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cbc:nr8h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8h:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cbc:nr16h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr16h:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cbc:dr-16f42a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16f42a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cbc:dr-16f45at_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16f45at:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:cbc:dr-8f42a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8f42a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:cbc:dr-8f45at_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8f45at:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:cbc:dr-4fx1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4fx1:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:cbc:dr-16h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16h:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:cbc:dr-8h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8h:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:cbc:dr-4h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4h:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:cbc:drh8-4m41-a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:drh8-4m41-a:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:cbc:nr8-4m71_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8-4m71:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:cbc:nr8-8m72_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr8-8m72:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:cbc:nr-16m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16m:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:cbc:nr-16f85-8pra_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16f85-8pra:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:cbc:nr-16f82-16p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-16f82-16p:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:cbc:nr-4f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-4f:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:cbc:nr-8f_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:nr-8f:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:cbc:dr-16m52_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16m52:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:cbc:dr-16m52-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-16m52-av:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:cbc:dr-8m52-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-8m52-av:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:cbc:dr-4m51-av_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cbc:dr-4m51-av:-:*:*:*:*:*:*:*

History

29 Aug 2023, 14:34

Type	Values Removed	Values Added
First Time		Cbc nr-8f Cbc dr-8f45at Cbc nr8-4m71 Firmware Cbc dr-16m52-av Cbc dr-8h Cbc nr-16f82-16p Cbc nr8h Firmware Cbc dr-4m51-av Cbc dr-16m52 Cbc nr16h Cbc dr-16f45at Cbc nr8h Cbc dr-8f42a Firmware Cbc Cbc dr-16f45at Firmware Cbc dr-4fx1 Cbc nr16h Firmware Cbc dr-16h Firmware Cbc nr8-4m71 Cbc nr-4f Firmware Cbc dr-8f42a Cbc nr4h Cbc dr-16m52 Firmware Cbc nr-16m Cbc dr-16f42a Cbc dr-8h Firmware Cbc dr-4h Firmware Cbc nr8-8m72 Firmware Cbc dr-16h Cbc nr-16f82-16p Firmware Cbc nr-4f Cbc nr-8f Firmware Cbc nr4h Firmware Cbc dr-4m51-av Firmware Cbc dr-4h Cbc dr-8m52-av Firmware Cbc nr-16f85-8pra Cbc nr-16m Firmware Cbc dr-16m52-av Firmware Cbc dr-4fx1 Firmware Cbc drh8-4m41-a Cbc nr-16f85-8pra Firmware Cbc nr8-8m72 Cbc dr-8f45at Firmware Cbc dr-8m52-av Cbc drh8-4m41-a Firmware Cbc dr-16f42a Firmware
References	~~(MISC) https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice -~~	(MISC) https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice - Vendor Advisory
References	~~(MISC) https://jvn.jp/en/vu/JVNVU92545432/ -~~	(MISC) https://jvn.jp/en/vu/JVNVU92545432/ - Third Party Advisory
References	~~(MISC) https://download.ganzsecurity.pl/ -~~	(MISC) https://download.ganzsecurity.pl/ - Product
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-78
CPE		cpe:2.3:h:cbc:dr-16f42a:-:::::::* cpe:2.3:h:cbc:nr-8f:-:::::::* cpe:2.3:o:cbc:dr-4fx1_firmware:-:::::::* cpe:2.3:o:cbc:dr-16m52-av_firmware:-:::::::* cpe:2.3:h:cbc:dr-16m52-av:-:::::::* cpe:2.3:o:cbc:dr-8f45at_firmware:-:::::::* cpe:2.3:o:cbc:dr-8f42a_firmware:-:::::::* cpe:2.3:h:cbc:dr-16m52:-:::::::* cpe:2.3:o:cbc:drh8-4m41-a_firmware:-:::::::* cpe:2.3:o:cbc:dr-16h_firmware:-:::::::* cpe:2.3:h:cbc:dr-8f42a:-:::::::* cpe:2.3:h:cbc:nr-16m:-:::::::* cpe:2.3:h:cbc:dr-8m52-av:-:::::::* cpe:2.3:o:cbc:nr-16m_firmware:-:::::::* cpe:2.3:o:cbc:dr-4h_firmware:-:::::::* cpe:2.3:h:cbc:nr4h:-:::::::* cpe:2.3:h:cbc:dr-4fx1:-:::::::* cpe:2.3:h:cbc:dr-4h:-:::::::* cpe:2.3:h:cbc:nr-16f85-8pra:-:::::::* cpe:2.3:o:cbc:nr8-4m71_firmware:-:::::::* cpe:2.3:o:cbc:nr16h_firmware:-:::::::* cpe:2.3:h:cbc:nr-16f82-16p:-:::::::* cpe:2.3:h:cbc:dr-16h:-:::::::* cpe:2.3:o:cbc:dr-4m51-av_firmware:-:::::::* cpe:2.3:o:cbc:nr-16f85-8pra_firmware:-:::::::* cpe:2.3:o:cbc:nr-8f_firmware:-:::::::* cpe:2.3:o:cbc:dr-16f42a_firmware:-:::::::* cpe:2.3:h:cbc:dr-4m51-av:-:::::::* cpe:2.3:h:cbc:nr8-4m71:-:::::::* cpe:2.3:h:cbc:drh8-4m41-a:-:::::::* cpe:2.3:o:cbc:dr-16m52_firmware:-:::::::* cpe:2.3:h:cbc:nr8-8m72:-:::::::* cpe:2.3:o:cbc:nr4h_firmware:-:::::::* cpe:2.3:h:cbc:dr-8h:-:::::::* cpe:2.3:h:cbc:dr-16f45at:-:::::::* cpe:2.3:h:cbc:dr-8f45at:-:::::::* cpe:2.3:o:cbc:nr-16f82-16p_firmware:-:::::::* cpe:2.3:o:cbc:nr8-8m72_firmware:-:::::::* cpe:2.3:h:cbc:nr16h:-:::::::* cpe:2.3:o:cbc:nr-4f_firmware:-:::::::* cpe:2.3:o:cbc:dr-16f45at_firmware:-:::::::* cpe:2.3:o:cbc:nr8h_firmware:-:::::::* cpe:2.3:o:cbc:dr-8h_firmware:-:::::::* cpe:2.3:h:cbc:nr-4f:-:::::::* cpe:2.3:h:cbc:nr8h:-:::::::* cpe:2.3:o:cbc:dr-8m52-av_firmware:-:::::::*

23 Aug 2023, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-23 04:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-40144

Mitre link : CVE-2023-40144

CVE.ORG link : CVE-2023-40144

JSON object : View

Products Affected

cbc

dr-16m52-av_firmware
dr-8f45at_firmware
dr-16m52-av
dr-8m52-av_firmware
nr16h
dr-8m52-av
nr-16f82-16p_firmware
nr-4f
dr-8f45at
nr8h_firmware
nr8h
dr-8h_firmware
dr-4h
nr16h_firmware
dr-8f42a_firmware
dr-16f45at
dr-16m52
nr-16m_firmware
nr8-8m72
dr-16f45at_firmware
dr-4m51-av_firmware
nr-8f_firmware
drh8-4m41-a
dr-8f42a
nr4h_firmware
nr-16f85-8pra
nr-16f82-16p
nr-8f
nr8-4m71_firmware
dr-16m52_firmware
dr-16h_firmware
dr-4fx1
nr-4f_firmware
nr8-8m72_firmware
dr-4h_firmware
dr-8h
dr-4m51-av
nr4h
dr-16h
nr-16m
dr-16f42a
nr8-4m71
nr-16f85-8pra_firmware
drh8-4m41-a_firmware
dr-16f42a_firmware
dr-4fx1_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.8 /10