CVE-2023-2505
Published 2023-05-22
CVE-2023-2505: The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.
Priority P347 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.32% (23.7th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| birddog | 4k_quad | — | — |
| birddog | 4k_quad | — | — |
| birddog | 4k_quad_firmware | — | — |
| birddog | 4k_quad_firmware | — | — |
| birddog | a300_eyes | — | — |
| birddog | a300_firmware | — | — |
| birddog | mini | — | — |
| birddog | mini_firmware | — | — |
| birddog | studio_r3 | — | — |
| birddog | studio_r3_firmware | — | — |
CISA ICS
BirdDog Cameras and Encoders
cisa_ics·2023-05-11·CVSS 8.4
[HIGH] BirdDog Cameras and Encoders
ICS Advisory
## BirdDog Cameras and Encoders
Release Date: May 11, 2023
Alert Code: ICSA-23-131-11
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: BirdDog
- Equipment: STUDIO R3, 4K QUAD, MINI, A300 EYES
- Vulnerabilities: Cross-Site Request Forgery, Use of Hard-Coded Credentials
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to remotely execute code or obtain unauthorized access to the product.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following BirdDog camera and encoder versions are affected:
- 4K QUAD: Versions 4.5.181 and 4.5.196
- MINI: Version 2.6.2
- A300 EYES: Version 3.4
- STUDIO R3: Version 3.6.4
## 3.2 VULNERABILITY OVERVIEW
3.
GHSA
GHSA-8qww-fpgr-w297: The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files
ghsa_unreviewed·2023-05-23
CVE-2023-2505 [HIGH] CWE-352 GHSA-8qww-fpgr-w297: The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-22