Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

PUBLISHED Reserved 2023-10-10 | Published 2023-11-08 | Updated 2025-01-16 | Assigner icscert




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-121 Stack-Based Buffer Overflow

Product status

Default status: unaffected

Version M2.1.6.05: affected


Credits

Attila Szasz (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

cve.org (CVE-2023-45225)

nvd.nist.gov (CVE-2023-45225)
