CVE-2023-27747 - OpenCVE

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Blackvue	Dr750-2ch Ir Lte Firmware Dr750-2ch Lte Firmware Dr750-2ch Ir Lte Dr750-2ch Lte

Configuration 1 [-]

AND

cpe:2.3:o:blackvue:dr750-2ch_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*

cpe:2.3:h:blackvue:dr750-2ch_lte:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:blackvue:dr750-2ch_ir_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*

cpe:2.3:h:blackvue:dr750-2ch_ir_lte:-:*:*:*:*:*:*:*

References

Link	Resource
https://blackvue.com	Product
https://github.com/eyJhb/blackvue-cve-2022	Exploit Third Party Advisory
https://github.com/eyJhb/blackvue-cve-2023	Exploit Third Party Advisory
https://shop.blackvue.com/product/dr750-2ch-ir-lte/	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-13T00:00:00

Updated: 2023-04-13T00:00:00

Reserved: 2023-03-05T00:00:00

Link: CVE-2023-27747

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-13T20:15:16.157

Modified: 2023-04-25T13:42:56.447

Link: CVE-2023-27747

JSON object: View

Redhat Information

No data.

CWE

CWE-306

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:blackvue:dr750-2ch_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*", "matchCriteriaId": "B52FB9F3-AB7B-4227-A2AE-1D646F2DFEB1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:blackvue:dr750-2ch_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "46E5CB84-04EB-4971-A887-42F114BAAEDD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:blackvue:dr750-2ch_ir_lte_firmware:1.012_2022.10.26:*:*:*:*:*:*:*", "matchCriteriaId": "124BB4E3-698A-4228-BBFE-6953F1B9A9C5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:blackvue:dr750-2ch_ir_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D929A81-C40D-40BB-980C-C197CA1AFF31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings."}], "id": "CVE-2023-27747", "lastModified": "2023-04-25T13:42:56.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-13T20:15:16.157", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "https://blackvue.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eyJhb/blackvue-cve-2022"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/eyJhb/blackvue-cve-2023"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://shop.blackvue.com/product/dr750-2ch-ir-lte/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}