CVE-2023-45225

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 version M2.1.6.05

Description The issue is caused by a stack-based overflow in the IP cameras' firmware. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size, which may lead to remote code execution.

Recommendations For Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 version M2.1.6.05, consider disabling the XML parsing functionality until a patch is available to prevent remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

BDU:2023-07580

CVE-2023-45225

Affected Products

Zavio B8220

Zavio B8520

Zavio Cb3211

Zavio Cb3212

Zavio Cb5220

Zavio Cb6231

Zavio Cd321

Zavio Cf7201

Zavio Cf7300

Zavio Cf7500

Zavio Cf7501

CVE-2023-45225

Weakness Enumeration

Related Identifiers

Affected Products

References · 8