CVE-2023-45225

Zavio IP Camera Stack-Based Buffer Overflow

CVSS 9.8 CRITICALEPSS 1.3%CWE-121

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

08 nov 2023Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Zavio · IP Camera B8220 Zavio · IP Camera B8520 Zavio · IP Camera CB3211 Zavio · IP Camera CB3212 Zavio · IP Camera CB5220 Zavio · IP Camera CB6231 Zavio · IP Camera CD321 Zavio · IP Camera CF7201 Zavio · IP Camera CF7300 Zavio · IP Camera CF7500 Zavio · IP Camera CF7501

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03