CVE-2023-2504
published 2023-05-22CVE-2023-2504: Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.46%
36.6th percentile
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| birddog | 4k_quad | — | — |
| birddog | 4k_quad | — | — |
| birddog | 4k_quad_firmware | — | — |
| birddog | 4k_quad_firmware | — | — |
| birddog | a300_eyes | — | — |
| birddog | a300_firmware | — | — |
| birddog | mini | — | — |
| birddog | mini_firmware | — | — |
| birddog | studio_r3 | — | — |
| birddog | studio_r3_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2023-2504 involves hard-coded root credentials embedded in BirdDog firmware images. Detect by identifying default/hard-coded root-level credential usage on affected BirdDog camera/encoder devices. ↗
- →Affected firmware versions to flag in asset inventory or network scanning: BirdDog 4K QUAD versions 4.5.181 and 4.5.196, MINI version 2.6.2, A300 EYES version 3.4, STUDIO R3 version 3.6.4. ↗
- →Monitor for unauthorized root-level authentication attempts or successful root logins on BirdDog camera/encoder devices, which may indicate exploitation of hard-coded credentials. ↗
- ·The CVSS vector indicates local access (AV:L) is required for exploitation, meaning an attacker needs access to the firmware image or local system to extract the hard-coded credentials, though the advisory also notes the vulnerability is 'exploitable remotely' once credentials are obtained. ↗
- ·No specific hard-coded credential values (usernames/passwords) are disclosed in the public advisories, limiting direct credential-based detection rules. ↗
- ·No known public exploits specifically targeting this vulnerability were identified at time of advisory publication. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
BirdDog Cameras and Encoders
cisa_ics·2023-05-11·CVSS 8.4
[HIGH] BirdDog Cameras and Encoders
ICS Advisory
##
BirdDog Cameras and Encoders
Release DateMay 11, 2023
Alert CodeICSA-23-131-11
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: BirdDog
- Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES
- Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code or obtain unauthorized access to the product.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following BirdDog camera and encoder versions are affected:
- 4K QUAD: Versions 4.5.181 and 4.5.196
- MINI: Version 2.6.2
- A300 EYES: Version 3.4
- STUDIO R3: Version 3.6.4
## 3.2 VULNERABILITY OVERVIEW
3.
GHSA
GHSA-q93p-3qj2-8qc8: Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials
ghsa_unreviewed·2023-05-23
CVE-2023-2504 [CRITICAL] CWE-798 GHSA-q93p-3qj2-8qc8: Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials
Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-05-22
Published