CVE-2023-4249

Published: Nov 8, 2023

Modified: Jan 16, 2025

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests.

Vendor	Product	Versions
Zavio	IP Camera CF7500	affected `version M2.1.6.05`
Zavio	IP Camera CF7300	affected `version M2.1.6.05`
Zavio	IP Camera CF7201	affected `version M2.1.6.05`
Zavio	IP Camera CF7501	affected `version M2.1.6.05`
Zavio	IP Camera CB3211	affected `version M2.1.6.05`
Zavio	IP Camera CB3212	affected `version M2.1.6.05`
Zavio	IP Camera CB5220	affected `version M2.1.6.05`
Zavio	IP Camera CB6231	affected `version M2.1.6.05`
Zavio	IP Camera B8520	affected `version M2.1.6.05`
Zavio	IP Camera B8220	affected `version M2.1.6.05`
Zavio	IP Camera CD321	affected `version M2.1.6.05`

Weaknesses (CWE)

CWE-121

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-4249

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References