nvd-json-data-feeds/CVE-2023/CVE-2023-287xx/CVE-2023-28704.json

{
  "id": "CVE-2023-28704",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-06-02T11:15:10.650",
  "lastModified": "2023-06-09T18:22:24.773",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."
    },
    {
      "lang": "es",
      "value": "La c\u00e1mara para perros Furbo tiene un filtrado insuficiente para el par\u00e1metro especial de la funci\u00f3n de gesti\u00f3n del registro del dispositivo. Un atacante remoto no autenticado en la red Bluetooth con privilegios de usuario normales puede explotar esta vulnerabilidad para realizar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios del sistema o interrumpir el servicio. "
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "twcert@cert.org.tw",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "twcert@cert.org.tw",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:furbo:dog_camera:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC598A4-1514-409A-9323-1EBFA25762CF"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:furbo:dog_camera_firmware:542:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8603241-9310-43DC-A857-E6165FE2607F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-06-02T12:00:25.659913+00:00 2023-06-02 12:00:29 +00:00			`{`
			`"id": "CVE-2023-28704",`
			`"sourceIdentifier": "twcert@cert.org.tw",`
			`"published": "2023-06-02T11:15:10.650",`
Auto-Update: 2023-06-09T20:00:27.989102+00:00 2023-06-09 20:00:31 +00:00			`"lastModified": "2023-06-09T18:22:24.773",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2023-06-02T12:00:25.659913+00:00 2023-06-02 12:00:29 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service."`
Auto-Update: 2023-06-02T14:00:27.053961+00:00 2023-06-02 14:00:30 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "La c\u00e1mara para perros Furbo tiene un filtrado insuficiente para el par\u00e1metro especial de la funci\u00f3n de gesti\u00f3n del registro del dispositivo. Un atacante remoto no autenticado en la red Bluetooth con privilegios de usuario normales puede explotar esta vulnerabilidad para realizar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios del sistema o interrumpir el servicio. "`
Auto-Update: 2023-06-02T12:00:25.659913+00:00 2023-06-02 12:00:29 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "twcert@cert.org.tw",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "ADJACENT_NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "twcert@cert.org.tw",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-77"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-06-09T20:00:27.989102+00:00 2023-06-09 20:00:31 +00:00			`"configurations": [`
			`{`
			`"operator": "AND",`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
Auto-Update: 2024-05-19T02:00:29.558564+00:00 2024-05-19 02:03:31 +00:00			`"vulnerable": false,`
			`"criteria": "cpe:2.3:h:furbo:dog_camera:-:::::::*",`
			`"matchCriteriaId": "ADC598A4-1514-409A-9323-1EBFA25762CF"`
Auto-Update: 2023-06-09T20:00:27.989102+00:00 2023-06-09 20:00:31 +00:00			`}`
			`]`
			`},`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
Auto-Update: 2024-05-19T02:00:29.558564+00:00 2024-05-19 02:03:31 +00:00			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:furbo:dog_camera_firmware:542:::::::*",`
			`"matchCriteriaId": "F8603241-9310-43DC-A857-E6165FE2607F"`
Auto-Update: 2023-06-09T20:00:27.989102+00:00 2023-06-09 20:00:31 +00:00			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-06-02T12:00:25.659913+00:00 2023-06-02 12:00:29 +00:00			`"references": [`
			`{`
			`"url": "https://www.twcert.org.tw/tw/cp-132-7153-68f52-1.html",`
Auto-Update: 2023-06-09T20:00:27.989102+00:00 2023-06-09 20:00:31 +00:00			`"source": "twcert@cert.org.tw",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-06-02T12:00:25.659913+00:00 2023-06-02 12:00:29 +00:00			`}`
			`]`
			`}`