CVE-2023-27748
Summary
| CVE | CVE-2023-27748 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-04-13 20:15:00 UTC |
| Updated | 2023-04-25 13:38:00 UTC |
| Description | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. |
Risk And Classification
Problem Types: CWE-345
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Blackvue | Dr750-2ch Ir Lte | - | All | All | All |
| Operating System | Blackvue | Dr750-2ch Ir Lte Firmware | 1.012_2022.10.26 | All | All | All |
| Hardware | Blackvue | Dr750-2ch Lte | - | All | All | All |
| Operating System | Blackvue | Dr750-2ch Lte Firmware | 1.012_2022.10.26 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GitHub - eyJhb/blackvue-cve-2023: BlackVue DR750 CVE CVE-2023-27746 CVE-2023-27747 CVE-2023-27748 | MISC | github.com | |
| GitHub - eyJhb/blackvue-cve-2023: BlackVue DR750 CVE CVE-2023-27746 CVE-2023-27747 CVE-2023-27748 | MISC | github.com | |
| Home - BlackVue Dash Cameras | MISC | blackvue.com | |
| DR750-2CH IR LTE - BlackVue Online Store | MISC | shop.blackvue.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.