PT-2023-6772 · Zavio · Zavio Cb3211+10
Attila Szasz
+1
·
Publicado
2023-10-31
·
Atualizado
2024-08-02
·
CVE-2023-45225
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 version M2.1.6.05
Description
The issue is caused by a stack-based overflow in the IP cameras' firmware. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size, which may lead to remote code execution.
Recommendations
For Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 version M2.1.6.05, consider disabling the XML parsing functionality until a patch is available to prevent remote code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Stack Overflow
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Zavio B8220
Zavio B8520
Zavio Cb3211
Zavio Cb3212
Zavio Cb5220
Zavio Cb6231
Zavio Cd321
Zavio Cf7201
Zavio Cf7300
Zavio Cf7500
Zavio Cf7501