PT-2023-9142 · Wyze+1 · Wyze Cam V3+1
Alexandru Lazar +1 · Published 2023-10-18 · Updated 2024-05-15 · CVE-2023-6322
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Roku Indoor Camera SE version 3.0.2.4679
Wyze Cam v3 version 4.36.11.5859
Description
A stack-based buffer overflow exists in the message parsing functionality and can be triggered by a specially crafted message. An attacker can make authenticated requests to exploit this issue, potentially allowing them to elevate their privileges and gain unauthorized access to protected information.
Recommendations
For Roku Indoor Camera SE version 3.0.2.4679, update to a version that addresses the buffer overflow vulnerability in the message parsing functionality.
For Wyze Cam v3 version 4.36.11.5859, update to a version that addresses the buffer overflow vulnerability in the message parsing functionality.
As a temporary workaround, consider restricting access to the message parsing functionality until a patch is available.
Exploit
Fix
Stack Overflow
Memory Corruption
Related identifiers
Affected products
Roku Indoor Camera SE
Wyze Cam V3