PT-2023-21318 · Blackvue · Blackvue Dr750-2Ch Lte

Eyjhb

Publicado

2023-04-13

Atualizado

2023-04-25

CVE-2023-27748

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BlackVue DR750-2CH LTE version 1.012 2022.10.26

Description The issue concerns the lack of authenticity check for uploaded firmware, allowing attackers to upload crafted firmware that contains backdoors and enables arbitrary code execution.

Recommendations For BlackVue DR750-2CH LTE version 1.012 2022.10.26, as a temporary workaround, consider restricting access to firmware uploads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficient Verification of Data Authenticity

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-345

Identificadores relacionados

CVE-2023-27748

Produtos afetados

Blackvue Dr750-2Ch Lte

PT-2023-21318 · Blackvue · Blackvue Dr750-2Ch Lte

CVE-2023-27748

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7