CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2023-38584 (GCVE-0-2023-38584)
Vulnerability from cvelistv5 – Published: 2023-10-19 19:20 – Updated: 2025-01-16 21:28
VLAI
Title
Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
Summary
In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Weintek | cMT-FHD |
Affected:
0 , ≤ 20210210
(custom)
|
|
| Weintek | cMT-HDM |
Affected:
0 , ≤ 20210204
(custom)
|
|
| Weintek | cMT3071 |
Affected:
0 , ≤ 20210218
(custom)
|
|
| Weintek | cMT3072 |
Affected:
0 , ≤ 20210218
(custom)
|
|
| Weintek | cMT3103 |
Affected:
0 , ≤ 20210218
(custom)
|
|
| Weintek | cMT3090 |
Affected:
0 , ≤ 20210218
(custom)
|
|
| Weintek | cMT3151 |
Affected:
0 , ≤ 20210218
(custom)
|
Date Public
2023-10-12 17:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
},
{
"tags": [
"x_transferred"
],
"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:44.800664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:46.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cMT-FHD",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210210 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-HDM",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210204 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3071",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3072",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3103",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3090",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3151",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-10-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T19:20:20.059Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
},
{
"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "\n\n\n\n\nWeintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n * cMT-FHD: OS version 20210211\n * cMT-HDM: OS version 20210205\n * cMT3071: OS version 20210219\n * cMT3072: OS version 20210219\n * cMT3103: OS version 20210219\n * cMT3090: OS version 20210219\n * cMT3151: OS version 20210219\n\n\nFor additional information, refer to Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSMA-23-285-12",
"discovery": "EXTERNAL"
},
"title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-38584",
"datePublished": "2023-10-19T19:20:20.059Z",
"dateReserved": "2023-09-20T14:26:47.021Z",
"dateUpdated": "2025-01-16T21:28:46.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39276 (GCVE-0-2023-39276)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:04 – Updated: 2024-09-13 16:04
VLAI
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
Date Public
2023-10-17 22:04
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:04:23.771929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:04:35.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Management",
"SSLVPN"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.0.1-5119 and earlier versions"
},
{
"status": "affected",
"version": "7.0.1-5129 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.4-44v-21-2079 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.12-101n and earlier versions"
}
]
}
],
"datePublic": "2023-10-17T22:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\u003cbr\u003e"
}
],
"value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:04:34.956Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-39276",
"datePublished": "2023-10-17T22:04:34.956Z",
"dateReserved": "2023-07-27T00:07:04.124Z",
"dateUpdated": "2024-09-13T16:04:35.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39277 (GCVE-0-2023-39277)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:08 – Updated: 2024-09-13 16:03
VLAI
Summary
SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
Date Public
2023-10-17 22:08
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:02:52.041284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:03:01.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Management",
"SSLVPN"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.0.1-5119 and earlier versions"
},
{
"status": "affected",
"version": "7.0.1-5129 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.4-44v-21-2079 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.12-101n and earlier versions"
}
]
}
],
"datePublic": "2023-10-17T22:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSonicOS post-authentication stack-based buffer overflow vulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ein the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash.\u003c/span\u003e"
}
],
"value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:08:55.318Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-39277",
"datePublished": "2023-10-17T22:08:55.318Z",
"dateReserved": "2023-07-27T00:07:04.124Z",
"dateUpdated": "2024-09-13T16:03:01.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39278 (GCVE-0-2023-39278)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:12 – Updated: 2024-09-13 16:01
VLAI
Summary
SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
Date Public
2023-10-17 22:12
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:01:40.078298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:01:51.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Management",
"SSLVPN"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.0.1-5119 and earlier versions"
},
{
"status": "affected",
"version": "7.0.1-5129 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.4-44v-21-2079 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.12-101n and earlier versions"
}
]
}
],
"datePublic": "2023-10-17T22:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cb\u003e\u003c/b\u003e\u003c/span\u003e"
}
],
"value": "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:12:29.594Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-39278",
"datePublished": "2023-10-17T22:12:29.594Z",
"dateReserved": "2023-07-27T00:07:04.124Z",
"dateUpdated": "2024-09-13T16:01:51.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39279 (GCVE-0-2023-39279)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:15 – Updated: 2024-09-13 16:00
VLAI
Summary
SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
Date Public
2023-10-17 22:15
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T16:00:24.050497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T16:00:49.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Management",
"SSLVPN"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.0.1-5119 and earlier versions"
},
{
"status": "affected",
"version": "7.0.1-5129 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.4-44v-21-2079 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.12-101n and earlier versions"
}
]
}
],
"datePublic": "2023-10-17T22:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash."
}
],
"value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:15:00.711Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-39279",
"datePublished": "2023-10-17T22:15:00.711Z",
"dateReserved": "2023-07-27T00:07:04.124Z",
"dateUpdated": "2024-09-13T16:00:49.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39280 (GCVE-0-2023-39280)
Vulnerability from cvelistv5 – Published: 2023-10-17 22:17 – Updated: 2024-09-13 15:59
VLAI
Summary
SonicOS p
ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | vendor-advisory |
Impacted products
Date Public
2023-10-17 22:16
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T15:59:13.568147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T15:59:29.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Management",
"SSLVPN"
],
"product": "SonicOS",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "7.0.1-5119 and earlier versions"
},
{
"status": "affected",
"version": "7.0.1-5129 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.4-44v-21-2079 and earlier versions"
},
{
"status": "affected",
"version": "6.5.4.12-101n and earlier versions"
}
]
}
],
"datePublic": "2023-10-17T22:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SonicOS p\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\u003c/span\u003e\n\n"
}
],
"value": "SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T22:17:36.308Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2023-39280",
"datePublished": "2023-10-17T22:17:36.308Z",
"dateReserved": "2023-07-27T00:07:04.125Z",
"dateUpdated": "2024-09-13T15:59:29.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3943 (GCVE-0-2023-3943)
Vulnerability from cvelistv5 – Published: 2024-05-21 13:32 – Updated: 2024-08-02 07:08
VLAI
Title
Multiple buffer overflow in ZkTeco-based OEM devices
Summary
Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.
This issue affects
ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)
with firmware
ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| ZkTeco | ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 |
Affected:
ZAM170-NF-1.8.25-7354-Ver1.0.0
|
|
| zkteco | facedepot_7b |
Affected:
0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0
(custom)
cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:* |
|
| zkteco | smartec_st_fr041me |
Affected:
0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0
(custom)
cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:* |
|
| zkteco | smartec_st_fr043 |
Affected:
0 , ≤ ZAM170-NF-1.8.25-7354-Ver1.0.0
(custom)
cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:zkteco:facedepot_7b:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "facedepot_7b",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr041me:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr041me",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:zkteco:smartec_st_fr043:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "smartec_st_fr043",
"vendor": "zkteco",
"versions": [
{
"lessThanOrEqual": "ZAM170-NF-1.8.25-7354-Ver1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-21T15:03:22.339568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:17:30.843Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ZkTeco-based OEM devices with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0",
"vendor": "ZkTeco",
"versions": [
{
"status": "affected",
"version": "ZAM170-NF-1.8.25-7354-Ver1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The vulnerability was discovered by Georgy Kiguradze from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\u003cbr\u003e\u003cp\u003e\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.\n\n\n\n\u003c/p\u003e"
}
],
"value": "Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions.\n\nThis issue affects \nZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others)\n\n with firmware \nZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100: Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-21T13:32:47.870Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-05-01T21:00:00.000Z",
"value": "Vulnerability discovered."
},
{
"lang": "en",
"time": "2023-09-19T14:00:00.000Z",
"value": "Initial request to PSIRT@zkteco.com."
},
{
"lang": "en",
"time": "2023-10-03T13:18:00.000Z",
"value": "Follow-up with PSIRT@zkteco.com due to no initial response."
},
{
"lang": "en",
"time": "2023-12-20T10:46:00.000Z",
"value": "Vulnerability reported to PSIRT@zkteco.com in plaintext."
},
{
"lang": "en",
"time": "2024-05-21T13:32:00.000Z",
"value": "No response from vendor; CVE details added to CVE.org."
}
],
"title": "Multiple buffer overflow in ZkTeco-based OEM devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-3943",
"datePublished": "2024-05-21T13:32:47.870Z",
"dateReserved": "2023-07-25T14:17:34.611Z",
"dateUpdated": "2024-08-02T07:08:50.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39435 (GCVE-0-2023-39435)
Vulnerability from cvelistv5 – Published: 2023-11-08 22:54 – Updated: 2025-01-16 21:26 Unsupported When Assigned
VLAI
Title
Zavio IP Camera Stack-Based Buffer Overflow
Summary
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321 IP Cameras
with firmware version M2.1.6.05 are
vulnerable to stack-based overflows. During the process of updating
certain settings sent from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-Based Buffer Overflow
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zavio | IP Camera CF7500 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CF7300 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CF7201 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CF7501 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB3211 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB3212 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB5220 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB6231 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera B8520 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera B8220 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CD321 |
Affected:
version M2.1.6.05
|
Date Public
2023-10-31 20:34
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:19:50.375217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:22.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7500",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7300",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7201",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7501",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB3211",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB3212",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB5220",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB6231",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera B8520",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera B8220",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CD321",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Attila Szasz "
}
],
"datePublic": "2023-10-31T20:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIP Cameras \u003c/span\u003e\n\nwith firmware version M2.1.6.05 are \nvulnerable to stack-based overflows. During the process of updating \ncertain settings sent from incoming network requests, the product does \nnot sufficiently check or validate allocated buffer size. This may lead \nto remote code execution.\n\n"
}
],
"value": "Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 IP Cameras \n\nwith firmware version M2.1.6.05 are \nvulnerable to stack-based overflows. During the process of updating \ncertain settings sent from incoming network requests, the product does \nnot sufficiently check or validate allocated buffer size. This may lead \nto remote code execution.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T22:54:00.819Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"
}
],
"source": {
"advisory": "ICSA-23-304-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Zavio IP Camera Stack-Based Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nThe affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-39435",
"datePublished": "2023-11-08T22:54:00.819Z",
"dateReserved": "2023-10-10T22:30:47.603Z",
"dateUpdated": "2025-01-16T21:26:22.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3959 (GCVE-0-2023-3959)
Vulnerability from cvelistv5 – Published: 2023-11-08 23:02 – Updated: 2025-01-16 21:25 Unsupported When Assigned
VLAI
Title
Zavio IP Camera Stack-Based Buffer Overflow
Summary
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While
processing XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-Based Buffer Overflow
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zavio | IP Camera CF7500 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CF7300 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CF7201 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CF7501 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB3211 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB3212 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB5220 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CB6231 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera B8520 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera B8220 |
Affected:
version M2.1.6.05
|
|
| Zavio | IP Camera CD321 |
Affected:
version M2.1.6.05
|
Date Public
2023-10-31 20:34
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:12.349735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:25:58.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7500",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7300",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7201",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CF7501",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB3211",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB3212",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB5220",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CB6231",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera B8520",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera B8220",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IP Camera CD321",
"vendor": "Zavio",
"versions": [
{
"status": "affected",
"version": "version M2.1.6.05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Attila Szasz "
}
],
"datePublic": "2023-10-31T20:34:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIP Cameras\u003c/span\u003e\n\nwith firmware version M2.1.6.05 are \nvulnerable to multiple instances of stack-based overflows. While \nprocessing XML elements from incoming network requests, the product does\n not sufficiently check or validate allocated buffer size. This may lead\n to remote code execution.\n\n"
}
],
"value": "Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\nIP Cameras\n\nwith firmware version M2.1.6.05 are \nvulnerable to multiple instances of stack-based overflows. While \nprocessing XML elements from incoming network requests, the product does\n not sufficiently check or validate allocated buffer size. This may lead\n to remote code execution.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-08T23:02:55.581Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"
}
],
"source": {
"advisory": "ICSA-23-304-03",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Zavio IP Camera Stack-Based Buffer Overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nThe affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3959",
"datePublished": "2023-11-08T23:02:55.581Z",
"dateReserved": "2023-07-26T18:38:50.354Z",
"dateUpdated": "2025-01-16T21:25:58.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40465 (GCVE-0-2023-40465)
Vulnerability from cvelistv5 – Published: 2023-12-04 23:02 – Updated: 2024-08-02 18:31
VLAI
Title
Improper input leads to DoS
Summary
Several versions of
ALEOS, including ALEOS 4.16.0, include an opensource
third-party
component which can be exploited from the local
area network,
resulting in a Denial of Service condition for the captive portal.
Severity
8.3 (High)
4.3 (Medium)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SierraWireless | ALEOS |
Affected:
4.10 , ≤ 4.16
(Custom)
Affected: 0 , ≤ 4.9.8 (Custom) |
Date Public
2023-11-28 18:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ALEOS",
"vendor": "SierraWireless",
"versions": [
{
"lessThanOrEqual": "4.16",
"status": "affected",
"version": "4.10",
"versionType": "Custom"
},
{
"lessThanOrEqual": "4.9.8",
"status": "affected",
"version": "0",
"versionType": "Custom"
}
]
}
],
"datePublic": "2023-11-28T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n\u003cp\u003eSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\u003c/p\u003e\n\n\u003cp\u003ethird-party\ncomponent which can be exploited from the local\u003c/p\u003e\n\n\u003cp\u003earea network,\nresulting in a Denial of Service condition for the captive portal.\u003c/p\u003e\n\n\n\n\n\n"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nSeveral versions of\nALEOS, including ALEOS 4.16.0, include an opensource\n\n\n\nthird-party\ncomponent which can be exploited from the local\n\n\n\narea network,\nresulting in a Denial of Service condition for the captive portal.\n\n\n\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Remote-Code Execution"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T23:02:04.103Z",
"orgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"shortName": "SWI"
},
"references": [
{
"url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper input leads to DoS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "747bec18-acd0-4d99-a5c8-5e366c66ab7e",
"assignerShortName": "SWI",
"cveId": "CVE-2023-40465",
"datePublished": "2023-12-04T23:02:04.103Z",
"dateReserved": "2023-08-14T20:59:20.798Z",
"dateUpdated": "2024-08-02T18:31:53.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.