cvelist/2023/28xxx/CVE-2023-28704.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-28704",
        "ASSIGNER": "cve@cert.org.tw",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        "cweId": "CWE-78"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Furbo",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "dog camera fireware",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "542"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
                "refsource": "MISC",
                "name": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "source": {
        "advisory": "TVN-202305006",
        "discovery": "EXTERNAL"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Lee Pu, Weber Tasi, KaiChing Wang (CHT Security)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2023-03-21 11:00:50 +00:00			`{`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`"data_version": "4.0",`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
"-Synchronized-Data." 2023-03-21 11:00:50 +00:00			`"CVE_data_meta": {`
			`"ID": "CVE-2023-28704",`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`"ASSIGNER": "cve@cert.org.tw",`
			`"STATE": "PUBLIC"`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",`
			`"cweId": "CWE-78"`
			`}`
			`]`
			`}`
			`]`
"-Synchronized-Data." 2023-03-21 11:00:50 +00:00			`},`
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604 2023-06-02 18:00:55 +08:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`"vendor_name": "Furbo",`
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604 2023-06-02 18:00:55 +08:00			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "dog camera fireware",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "542"`
			`}`
			`]`
			`}`
			`}`
			`]`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`}`
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604 2023-06-02 18:00:55 +08:00			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2023-06-02 11:00:44 +00:00			`"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`"refsource": "MISC",`
"-Synchronized-Data." 2023-06-02 11:00:44 +00:00			`"name": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html"`
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604 2023-06-02 18:00:55 +08:00			`}`
			`]`
			`},`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
Add TWCERT/CC CVE-2022-46307 CVE-2022-46308 CVE-2022-47616 CVE-2022-47617 CVE-2023-25780 CVE-2023-28698 CVE-2023-28699 CVE-2023-28700 CVE-2023-28701 CVE-2023-28702 CVE-2023-28703 CVE-2023-28704 CVE-2023-28705 CVE-2023-30602 CVE-2023-30603 CVE-2023-30604 2023-06-02 18:00:55 +08:00			`"source": {`
			`"advisory": "TVN-202305006",`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2024-10-14 04:00:31 +00:00			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Lee Pu, Weber Tasi, KaiChing Wang (CHT Security)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"attackComplexity": "LOW",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`]`
"-Synchronized-Data." 2023-03-21 11:00:50 +00:00			`}`
			`}`