9.8
CVE-2023-27748
- EPSS 0.74%
- Veröffentlicht 13.04.2023 20:15:16
- Zuletzt bearbeitet 07.02.2025 17:15:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blackvue ≫ Dr750-2ch Lte Firmware Version1.012_2022.10.26
Blackvue ≫ Dr750-2ch Ir Lte Firmware Version1.012_2022.10.26
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.74% | 0.496 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
https://blackvue.com
https://github.com/eyJhb/blackvue-cve-2022
https://github.com/eyJhb/blackvue-cve-2023
https://shop.blackvue.com/product/dr750-2ch-ir-lte/