CVE-2023-45225

Zavio IP Camera Stack-Based Buffer Overflow

CVSS 9.8 CRITICALEPSS 1.3%CWE-121

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.8EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 nov 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Zavio · IP Camera B8220 Zavio · IP Camera B8520 Zavio · IP Camera CB3211 Zavio · IP Camera CB3212 Zavio · IP Camera CB5220 Zavio · IP Camera CB6231 Zavio · IP Camera CD321 Zavio · IP Camera CF7201 Zavio · IP Camera CF7300 Zavio · IP Camera CF7500 Zavio · IP Camera CF7501

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03