CVE-2023-3959

Name of the Vulnerable Software and Affected Versions Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 with firmware version M2.1.6.05

Description The issue is caused by a stack-based buffer overflow. When processing XML elements from incoming network requests, the product does not sufficiently check or validate the allocated buffer size, which may lead to remote code execution.

Recommendations For Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 with firmware version M2.1.6.05, consider switching to a different model as the manufacturer will not issue security updates. As a temporary workaround, consider restricting access to the XML processing functionality until a patch is available. Avoid using the affected firmware version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.