CVE-2023-43755

Zavio IP Camera Stack-Based Buffer Overflow

CVSS 9.8 CRITICALEPSS 1.3%CWE-121

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Zavio · IP Camera B8220 Zavio · IP Camera B8520 Zavio · IP Camera CB3211 Zavio · IP Camera CB3212 Zavio · IP Camera CB5220 Zavio · IP Camera CB6231 Zavio · IP Camera CD321 Zavio · IP Camera CF7201 Zavio · IP Camera CF7300 Zavio · IP Camera CF7500 Zavio · IP Camera CF7501

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03