CVE-2023-39435

Published: Nov 8, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Affected (11)

Products: Zavio: Cf7500 Firmware, Cf7300 Firmware, Cf7201 Firmware, Cf7501 Firmware, Cb3211 Firmware, Cb3212 Firmware, Cb5220 Firmware, Cb6231 Firmware, B8520 Firmware, B8220 Firmware, Cd321 Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cf7500 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cf7500	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cf7300 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cf7300	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cf7201 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cf7201	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cf7501 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cf7501	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cb3211 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cb3211	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cb3212 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cb3212	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cb5220 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cb5220	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cb6231 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cb6231	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio B8520 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio B8520	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio B8220 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio B8220	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zavio Cd321 Firmware	Version m2.1.6.05

Running on/with	Platform Versions
Zavio Cd321	All versions

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.