CVE-2023-34552

Name of the Vulnerable Software and Affected Versions EZVIZ CS-C6N-B0-1G2WF versions prior to V5.3.0 build 230215 EZVIZ CS-C6N-R101-1G2WF versions prior to V5.3.0 build 230215 EZVIZ CS-CV310-A0-1B2WFR versions prior to V5.3.0 build 230221 EZVIZ CS-CV310-A0-1C2WFR-C versions prior to V5.3.2 build 230221 EZVIZ CS-C6N-A0-1C2WFR-MUL versions prior to V5.3.2 build 230218 EZVIZ CS-CV310-A0-3C2WFRL-1080p versions prior to V5.2.7 build 230302 EZVIZ CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p versions prior to V5.3.2 build 230214 EZVIZ CS-CV248-A0-32WMFR versions prior to V5.2.3 build 230217 EZVIZ LC1C versions prior to V5.3.4 build 230214

Description The issue is related to two stack-based buffer overflows in the mulicast parse sadp packet and mulicast get pack type functions of the SADP multicast protocol. This can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution.

Recommendations For EZVIZ CS-C6N-B0-1G2WF, update to V5.3.0 build 230215 or later. For EZVIZ CS-C6N-R101-1G2WF, update to V5.3.0 build 230215 or later. For EZVIZ CS-CV310-A0-1B2WFR, update to V5.3.0 build 230221 or later. For EZVIZ CS-CV310-A0-1C2WFR-C, update to V5.3.2 build 230221 or later. For EZVIZ CS-C6N-A0-1C2WFR-MUL, update to V5.3.2 build 230218 or later. For EZVIZ CS-CV310-A0-3C2WFRL-1080p, update to V5.2.7 build 230302 or later. For EZVIZ CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p, update to V5.3.2 build 230214 or later. For EZVIZ CS-CV248-A0-32WMFR, update to V5.2.3 build 230217 or later. For EZVIZ LC1C, update to V5.3.4 build 230214 or later.