← voltar
CVE-2023-39435

Zavio IP Camera Stack-Based Buffer Overflow

CVSS 8.8 HIGHEPSS 1.2%CWE-121
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 nov 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Zavio · IP Camera B8220Zavio · IP Camera B8520Zavio · IP Camera CB3211Zavio · IP Camera CB3212Zavio · IP Camera CB5220Zavio · IP Camera CB6231Zavio · IP Camera CD321Zavio · IP Camera CF7201Zavio · IP Camera CF7300Zavio · IP Camera CF7500Zavio · IP Camera CF7501

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03