CVE-2023-34551

Name of the Vulnerable Software and Affected Versions EZVIZ CS-C6N-B0-1G2WF versions prior to V5.3.0 build 230215 EZVIZ CS-C6N-R101-1G2WF versions prior to V5.3.0 build 230215 EZVIZ CS-CV310-A0-1B2WFR versions prior to V5.3.0 build 230221 EZVIZ CS-CV310-A0-1C2WFR-C versions prior to V5.3.2 build 230221 EZVIZ CS-C6N-A0-1C2WFR-MUL versions prior to V5.3.2 build 230218 EZVIZ CS-CV310-A0-3C2WFRL-1080p versions prior to V5.2.7 build 230302 EZVIZ CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p versions prior to V5.3.2 build 230214 EZVIZ CS-CV248-A0-32WMFR versions prior to V5.2.3 build 230217 EZVIZ LC1C versions prior to V5.3.4 build 230214

Description The issue affects certain EZVIZ products due to two stack buffer overflows in the netClientSetWlanCfg function of the EZVIZ SDK command server. This allows an authenticated attacker on the same local network as the camera to achieve remote code execution, enabling the execution of arbitrary code.

Recommendations For EZVIZ CS-C6N-B0-1G2WF versions prior to V5.3.0 build 230215, update to V5.3.0 build 230215 or later. For EZVIZ CS-C6N-R101-1G2WF versions prior to V5.3.0 build 230215, update to V5.3.0 build 230215 or later. For EZVIZ CS-CV310-A0-1B2WFR versions prior to V5.3.0 build 230221, update to V5.3.0 build 230221 or later. For EZVIZ CS-CV310-A0-1C2WFR-C versions prior to V5.3.2 build 230221, update to V5.3.2 build 230221 or later. For EZVIZ CS-C6N-A0-1C2WFR-MUL versions prior to V5.3.2 build 230218, update to V5.3.2 build 230218 or later. For EZVIZ CS-CV310-A0-3C2WFRL-1080p versions prior to V5.2.7 build 230302, update to V5.2.7 build 230302 or later. For EZVIZ CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p versions prior to V5.3.2 build 230214, update to V5.3.2 build 230214 or later. For EZVIZ CS-CV248-A0-32WMFR versions prior to V5.2.3 build 230217, update to V5.2.3 build 230217 or later. For EZVIZ LC1C versions prior to V5.3.4 build 230214, update to V5.3.4 build 230214 or later.