CVE-2023-45225

Zavio IP Camera Stack-Based Buffer Overflow

CVSS 9.8 CRITICALEPSS 1.3%CWE-121

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.8EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

08 Nov 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Zavio · IP Camera B8220 Zavio · IP Camera B8520 Zavio · IP Camera CB3211 Zavio · IP Camera CB3212 Zavio · IP Camera CB5220 Zavio · IP Camera CB6231 Zavio · IP Camera CD321 Zavio · IP Camera CF7201 Zavio · IP Camera CF7300 Zavio · IP Camera CF7500 Zavio · IP Camera CF7501

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03