PT-2023-21318 · Blackvue · Blackvue Dr750-2Ch Lte
Eyjhb
·
Published
2023-04-13
·
Updated
2023-04-25
·
CVE-2023-27748
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BlackVue DR750-2CH LTE version 1.012 2022.10.26
Description
The issue concerns the lack of authenticity check for uploaded firmware, allowing attackers to upload crafted firmware that contains backdoors and enables arbitrary code execution.
Recommendations
For BlackVue DR750-2CH LTE version 1.012 2022.10.26, as a temporary workaround, consider restricting access to firmware uploads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blackvue Dr750-2Ch Lte