CVE-2023-3959
Published: Nov 8, 2023
Modified: Jan 16, 2025
CVSS v3.1
9.8
Description
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
| Vendor | Product | Versions |
|---|---|---|
Zavio | IP Camera CF7500 | affected version M2.1.6.05 |
Zavio | IP Camera CF7300 | affected version M2.1.6.05 |
Zavio | IP Camera CF7201 | affected version M2.1.6.05 |
Zavio | IP Camera CF7501 | affected version M2.1.6.05 |
Zavio | IP Camera CB3211 | affected version M2.1.6.05 |
Zavio | IP Camera CB3212 | affected version M2.1.6.05 |
Zavio | IP Camera CB5220 | affected version M2.1.6.05 |
Zavio | IP Camera CB6231 | affected version M2.1.6.05 |
Zavio | IP Camera B8520 | affected version M2.1.6.05 |
Zavio | IP Camera B8220 | affected version M2.1.6.05 |
Zavio | IP Camera CD321 | affected version M2.1.6.05 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now