CVE-2023-38585

Published: Aug 23, 2023Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

Affected (23)

Products: Cbc: Nr4h Firmware, Nr8h Firmware, Nr16h Firmware, Dr 16f42a Firmware, Dr 16f45at Firmware, Dr 8f42a Firmware, Dr 8f45at Firmware, Dr 4fx1 Firmware, Dr 16h Firmware, Dr 8h Firmware, Dr 4h Firmware, Drh8 4m41 A Firmware, Nr8 4m71 Firmware, Nr8 8m72 Firmware, Nr 16m Firmware, Nr 16f85 8pra Firmware, Nr 16f82 16p Firmware, Nr 4f Firmware, Nr 8f Firmware, Dr 16m52 Firmware, Dr 16m52 Av Firmware, Dr 8m52 Av Firmware, Dr 4m51 Av Firmware

23 products

Nr 16f85 8pra Firmware

Nr 16f82 16p Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr4h Firmware	All versions

Running on/with	Platform Versions
Cbc Nr4h	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr8h Firmware	All versions

Running on/with	Platform Versions
Cbc Nr8h	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr16h Firmware	All versions

Running on/with	Platform Versions
Cbc Nr16h	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 16f42a Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 16f42a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 16f45at Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 16f45at	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 8f42a Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 8f42a	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 8f45at Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 8f45at	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 4fx1 Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 4fx1	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 16h Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 16h	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 8h Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 8h	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 4h Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 4h	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Drh8 4m41 A Firmware	All versions

Running on/with	Platform Versions
Cbc Drh8 4m41 A	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr8 4m71 Firmware	All versions

Running on/with	Platform Versions
Cbc Nr8 4m71	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr8 8m72 Firmware	All versions

Running on/with	Platform Versions
Cbc Nr8 8m72	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr 16m Firmware	All versions

Running on/with	Platform Versions
Cbc Nr 16m	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr 16f85 8pra Firmware	All versions

Running on/with	Platform Versions
Cbc Nr 16f85 8pra	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr 16f82 16p Firmware	All versions

Running on/with	Platform Versions
Cbc Nr 16f82 16p	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr 4f Firmware	All versions

Running on/with	Platform Versions
Cbc Nr 4f	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Nr 8f Firmware	All versions

Running on/with	Platform Versions
Cbc Nr 8f	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 16m52 Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 16m52	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 16m52 Av Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 16m52 Av	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 8m52 Av Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 8m52 Av	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cbc Dr 4m51 Av Firmware	All versions

Running on/with	Platform Versions
Cbc Dr 4m51 Av	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://download.ganzsecurity.pl/

Source: vultures@jpcert.or.jp

Product

https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/vu/JVNVU92545432/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://download.ganzsecurity.pl/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/vu/JVNVU92545432/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.