PT-2023-9142 · Wyze+1 · Wyze Cam V3+1
Alexandru Lazar +1 · Published 2023-10-18 · Updated 2024-05-15 · CVE-2023-6322
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Roku Indoor Camera SE version 3.0.2.4679
Wyze Cam v3 version 4.36.11.5859
Description
A stack-based buffer overflow exists in the message parsing functionality and can be triggered by a specially crafted message. An attacker can exploit the issue by making authenticated requests, potentially allowing them to elevate their privileges and gain unauthorized access to protected information.
Recommendations
For Roku Indoor Camera SE version 3.0.2.4679, update to a version that addresses the buffer overflow vulnerability in the message parsing functionality.
For Wyze Cam v3 version 4.36.11.5859, update to a version that addresses the buffer overflow vulnerability in the message parsing functionality.
As a temporary workaround, consider restricting access to the message parsing functionality until a patch is available.
Exploit
Fix
Stack Overflow
Memory Corruption
Affected Products
Roku Indoor Camera SE
Wyze Cam V3