OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H,
OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates…
| Vendor | Product | Versions |
|---|---|---|
| CBC Co.,Ltd. | NR4H, NR8H, NR16H series | firmware all versions |
| CBC Co.,Ltd. | DR | 16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series — firmware all versions |
| CBC Co.,Ltd. | NR | 4M, NR-8M, NR-16M series — firmware all versions |
| CBC Co.,Ltd. | NR | 4F, NR-8F, NR-16F series — firmware all versions |
| CBC Co.,Ltd. | DR | 16M, DR-8M, DR-4M51 series — firmware all versions |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.