PT-2023-6773 · Zavio · Zavio Cb3211+10
Attila Szasz +1 · Published 2023-10-31 · Updated 2024-08-02
CVE-2023-39435
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras version M2.1.6.05
Description
The issue is caused by a stack-based overflow in the firmware of the affected IP cameras. When updating certain settings sent in incoming network requests, the product does not sufficiently check or validate the allocated buffer size. This may lead to remote code execution.
Recommendations
For Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras version M2.1.6.05, there is currently no information about a newer version that contains a fix for this vulnerability.
Stack Overflow
Memory Corruption
Related identifiers
Affected products
Zavio B8220
Zavio B8520
Zavio Cb3211
Zavio Cb3212
Zavio Cb5220
Zavio Cb6231
Zavio Cd321
Zavio Cf7201
Zavio Cf7300
Zavio Cf7500
Zavio Cf7501