← Back to CVEs
CVE-2023-45225
CRITICAL9.8
Description
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/8/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
zavio:b8220zavio:b8220_firmwarezavio:b8520zavio:b8520_firmwarezavio:cb3211zavio:cb3211_firmwarezavio:cb3212zavio:cb3212_firmwarezavio:cb5220zavio:cb5220_firmwarezavio:cb6231zavio:cb6231_firmwarezavio:cd321zavio:cd321_firmwarezavio:cf7201zavio:cf7201_firmwarezavio:cf7300zavio:cf7300_firmwarezavio:cf7500zavio:cf7500_firmwarezavio:cf7501zavio:cf7501_firmware
Weaknesses (CWE)
CWE-121CWE-787
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.