Vulnerability Description
Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cbc | Nr4H Firmware | - |
| Cbc | Nr4H | - |
| Cbc | Nr8H Firmware | - |
| Cbc | Nr8H | - |
| Cbc | Nr16H Firmware | - |
| Cbc | Nr16H | - |
| Cbc | Dr-16F42A Firmware | - |
| Cbc | Dr-16F42A | - |
| Cbc | Dr-16F45At Firmware | - |
| Cbc | Dr-16F45At | - |
| Cbc | Dr-8F42A Firmware | - |
| Cbc | Dr-8F42A | - |
| Cbc | Dr-8F45At Firmware | - |
| Cbc | Dr-8F45At | - |
| Cbc | Dr-4Fx1 Firmware | - |
| Cbc | Dr-4Fx1 | - |
| Cbc | Dr-16H Firmware | - |
| Cbc | Dr-16H | - |
| Cbc | Dr-8H Firmware | - |
| Cbc | Dr-8H | - |
Related Weaknesses (CWE)
References
- https://download.ganzsecurity.pl/Product
- https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-noticeVendor Advisory
- https://jvn.jp/en/vu/JVNVU92545432/Third Party Advisory
- https://download.ganzsecurity.pl/Product
- https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-noticeVendor Advisory
- https://jvn.jp/en/vu/JVNVU92545432/Third Party Advisory
FAQ
What is CVE-2023-38585?
CVE-2023-38585 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/ve...
How severe is CVE-2023-38585?
CVE-2023-38585 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-38585?
Check the references section above for vendor advisories and patch information. Affected products include: Cbc Nr4H Firmware, Cbc Nr4H, Cbc Nr8H Firmware, Cbc Nr8H, Cbc Nr16H Firmware.