eyJhb/blackvue-cve-2023

eyJhb/blackvue-cve-2023

Releases0

Stars9

BlackVue DR750 CVE CVE-2023-27746 CVE-2023-27747 CVE-2023-27748

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-27747 ↗	Apr 13, 2023Thursday, 13 April 2023, 20:15	7.5 HIGH	—
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.
CVE-2023-27748 ↗	Apr 13, 2023Thursday, 13 April 2023, 20:15	9.8 CRITICAL	—
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
CVE-2023-27746 ↗	Apr 13, 2023Thursday, 13 April 2023, 20:15	9.8 CRITICAL	—
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.