Search criteria
9 vulnerabilities found for cs-c6n-b0-1g2wf_firmware by ezviz
FKIE_CVE-2023-34552
Vulnerability from fkie_nvd - Published: 2023-08-01 18:15 - Updated: 2025-02-12 19:15
Severity ?
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A77C112-1175-4460-A5BD-9BB71B4CE204",
"versionEndIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53448693-4C67-4538-B879-12F3F8B51BEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7EEDF7-442B-40AC-8806-0AB3CFE17533",
"versionEndIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-r101-1g2wf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6470C072-971D-4417-B0E7-4BFDA9584FBC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "458145FB-A40C-4229-AE37-215B2E62A701",
"versionEndIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1b2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73269D17-F2D1-4D52-AF7C-561B584D6573",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D45B4879-5E30-4C71-AE38-6C35CF9BEA83",
"versionEndIncluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "801FF4C3-BF3B-4C89-B129-91FC9D33D82C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F29D41E-916A-4643-881F-73FB60E68CA2",
"versionEndIncluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr-mul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "872DDB21-ACE6-475D-B6C1-9653261E2529",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1199D966-913A-4240-A80D-F7A570EA7DE4",
"versionEndIncluding": "5.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-3c2wfrl-1080p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F009BB5-0ECC-48CC-B69A-5E81E9F97082",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7442C9-0069-4401-9DE9-ACC54857493C",
"versionEndIncluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9181568-193B-4BF7-9A11-B7A031065934",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "089FFD60-0E39-4880-8D51-AB851BC063C2",
"versionEndIncluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv248-a0-32wmfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E56B8667-7DCC-45C7-8945-45A0909CFFB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:lc1c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C0969-FFAE-45DA-881E-852844558554",
"versionEndIncluding": "5.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:lc1c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D44F05-26DC-4976-8B5A-6DC9AA7D78D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214."
},
{
"lang": "es",
"value": "En determinados productos EZVIZ, dos desbordamientos de b\u00fafer basados en pila en las funciones mulicast_parse_sadp_packet y mulicast_get_pack_type del protocolo de multidifusi\u00f3n SADP pueden permitir a un atacante no autenticado presente en la misma red local que la c\u00e1mara lograr la ejecuci\u00f3n remota de c\u00f3digo. Esto afecta a las versiones de firmware CS-C6N-B0-1G2WF anteriores a V5.3.0 build 230215 y a las versiones de firmware CS-C6N-R101-1G2WF anteriores a V5.3.0 build 230215 y a las versiones de firmware CS-CV310-A0-1B2WFR anteriores a V5.3.0 build 230221 y a las versiones de firmware CS-CV310-A0-1C2WFR-C anteriores a V5.3.2 build 230221 y a las versiones de firmware CS-C6N-A0-1C2WFR-MUL anteriores a V5.3.2 build 230218 y a las versiones de firmware CS-C6N-A0-1C2WFR-MUL anteriores a V5.3.2 build 230218 y a las versiones de firmware CS-CV310-A0-3C2WFRL-1080p anteriores a V5.2.7 build 230302 y a las versiones de firmware CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p anteriores a V5.3.2 build 230214 y a las versiones de firmware CS-CV248-A0-32WMFR anteriores a V5.2.3 build 230217 y a las versiones de firmware EZVIZ LC1C anteriores a V5.3.4 build 230214."
}
],
"id": "CVE-2023-34552",
"lastModified": "2025-02-12T19:15:08.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-08-01T18:15:10.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://ezviz.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://ezviz.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-34551
Vulnerability from fkie_nvd - Published: 2023-08-01 18:15 - Updated: 2024-11-21 08:07
Severity ?
Summary
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A77C112-1175-4460-A5BD-9BB71B4CE204",
"versionEndIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53448693-4C67-4538-B879-12F3F8B51BEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7EEDF7-442B-40AC-8806-0AB3CFE17533",
"versionEndIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-r101-1g2wf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6470C072-971D-4417-B0E7-4BFDA9584FBC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "458145FB-A40C-4229-AE37-215B2E62A701",
"versionEndIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1b2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73269D17-F2D1-4D52-AF7C-561B584D6573",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D45B4879-5E30-4C71-AE38-6C35CF9BEA83",
"versionEndIncluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr-c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "801FF4C3-BF3B-4C89-B129-91FC9D33D82C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F29D41E-916A-4643-881F-73FB60E68CA2",
"versionEndIncluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr-mul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "872DDB21-ACE6-475D-B6C1-9653261E2529",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1199D966-913A-4240-A80D-F7A570EA7DE4",
"versionEndIncluding": "5.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-3c2wfrl-1080p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F009BB5-0ECC-48CC-B69A-5E81E9F97082",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7442C9-0069-4401-9DE9-ACC54857493C",
"versionEndIncluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9181568-193B-4BF7-9A11-B7A031065934",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "089FFD60-0E39-4880-8D51-AB851BC063C2",
"versionEndIncluding": "5.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv248-a0-32wmfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E56B8667-7DCC-45C7-8945-45A0909CFFB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:lc1c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A88C0969-FFAE-45DA-881E-852844558554",
"versionEndIncluding": "5.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:lc1c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74D44F05-26DC-4976-8B5A-6DC9AA7D78D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote)."
},
{
"lang": "es",
"value": "En ciertos productos EZVIZ, dos desbordamientos de b\u00fafer de pila en la funci\u00f3n netClientSetWlanCfg del servidor de comandos EZVIZ SDK pueden permitir a un atacante autenticado presente en la misma red local que la c\u00e1mara lograr la ejecuci\u00f3n remota de c\u00f3digo. Esto afecta a las versiones de firmware CS-C6N-B0-1G2WF anteriores a V5.3.0 build 230215 y CS-C6N-R101-1G2WF anteriores a V5.3.0 build 230215 y CS-CV310-A0-1B2WFR anteriores a V5.3.0 build 230221 y CS-CV310-A0-1C2WFR-C anteriores a V5.3.2 build 230221 y a las versiones de firmware CS-C6N-A0-1C2WFR-MUL anteriores a V5.3.2 build 230218 y a las versiones de firmware CS-CV310-A0-3C2WFRL-1080p anteriores a V5.2.7 build 230302 y a las versiones de firmware CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p anteriores a V5.3.2 build 230214 y a las versiones de firmware CS-CV248-A0-32WMFR anteriores a V5.2.3 build 230217 y las versiones de firmware EZVIZ LC1C anteriores a V5.3.4 build 230214. "
}
],
"id": "CVE-2023-34551",
"lastModified": "2024-11-21T08:07:22.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-01T18:15:09.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "http://ezviz.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "http://ezviz.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2471
Vulnerability from fkie_nvd - Published: 2022-09-15 14:15 - Updated: 2024-11-21 07:01
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ezviz | cs-c6n-a0-1c2wfr_firmware | 5.3.0 | |
| ezviz | cs-c6n-a0-1c2wfr | - | |
| ezviz | cs-db1c-a0-1e2w2fr_firmware | 5.3.0 | |
| ezviz | cs-db1c-a0-1e2w2fr | - | |
| ezviz | cs-c6n-b0-1g2wf_firmware | 5.3.0 | |
| ezviz | cs-c6n-b0-1g2wf | - | |
| ezviz | cs-c3w-a0-3h4wfrl_firmware | 5.3.5 | |
| ezviz | cs-c3w-a0-3h4wfrl | - | |
| ezviz | cs-cv248_firmware | 5.2.1 | |
| ezviz | cs-cv248 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build201719:*:*:*:*:*:*",
"matchCriteriaId": "47C0BBC0-DADA-4E4B-BD6D-09859B290EFC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-db1c-a0-1e2w2fr_firmware:5.3.0:build211208:*:*:*:*:*:*",
"matchCriteriaId": "C18E7920-0F8F-4C00-A649-69FD9FDFAF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-db1c-a0-1e2w2fr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3AD5A7-8DDE-4750-AF0B-54FD9620D2AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:5.3.0:build210731:*:*:*:*:*:*",
"matchCriteriaId": "14FFD3A3-5A67-4828-AE11-2747493BE4D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53448693-4C67-4538-B879-12F3F8B51BEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-c3w-a0-3h4wfrl_firmware:5.3.5:build220120:*:*:*:*:*:*",
"matchCriteriaId": "6908D459-9F6A-44A0-BD35-CF61C0827EEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-c3w-a0-3h4wfrl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "457F05D1-02C5-461A-93E3-E1D150BD60D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ezviz:cs-cv248_firmware:5.2.1:build180403:*:*:*:*:*:*",
"matchCriteriaId": "54DA9047-AEB4-4C20-AC3D-9CA3B97C75C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ezviz:cs-cv248:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE214B45-33B9-4C4D-AD19-0BB0DBC37ECD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en la regi\u00f3n Stack de la Memoria en el componente de detecci\u00f3n de movimiento de EZVIZ usado en los modelos de c\u00e1mara CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL permite a un atacante remoto ejecutar c\u00f3digo remoto en el dispositivo. Este problema afecta a: EZVIZ CS-CV248 versiones anteriores a 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versiones anteriores a 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versiones anteriores a 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versiones anteriores a versi\u00f3n 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versiones anteriores a 5.3.5 build 220723"
}
],
"id": "CVE-2022-2471",
"lastModified": "2024-11-21T07:01:03.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-15T14:15:09.640",
"references": [
{
"source": "cve-requests@bitdefender.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"sourceIdentifier": "cve-requests@bitdefender.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cve-requests@bitdefender.com",
"type": "Secondary"
}
]
}
CVE-2023-34551 (GCVE-0-2023-34551)
Vulnerability from cvelistv5 – Published: 2023-08-01 00:00 – Updated: 2024-10-21 18:29
VLAI?
Summary
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://ezviz.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:5.3.0:build210731:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-b0-1g2wf_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:5.3.0:build230215:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-r101-1g2wf_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware:5.3.0:build230221:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-1b2wfr_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware:5.3.2:build230221:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-1c2wfr-c_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:5.3.2:build230218:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-a0-1c2wfr-mul_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware:5.2.7:build230302:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-3c2wfrl-1080p_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-1c2wfr",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware:5.2.3:build230217:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv248-a0-32wmfr_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:lc1c_firmware:5.3.4:build230214:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lc1c_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:17:57.197693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:29:21.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://ezviz.com"
},
{
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34551",
"datePublished": "2023-08-01T00:00:00",
"dateReserved": "2023-06-07T00:00:00",
"dateUpdated": "2024-10-21T18:29:21.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34552 (GCVE-0-2023-34552)
Vulnerability from cvelistv5 – Published: 2023-08-01 00:00 – Updated: 2025-02-12 18:48
VLAI?
Summary
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.
Severity ?
4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://ezviz.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:5.3.2:build230218:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-a0-1c2wfr-mul_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:5.3.0:build230215:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-r101-1g2wf_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ezviz:cv310-a0-1b2wfr_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cv310-a0-1b2wfr_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-34552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T20:46:21.774754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T18:48:59.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://ezviz.com"
},
{
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34552",
"datePublished": "2023-08-01T00:00:00.000Z",
"dateReserved": "2023-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-12T18:48:59.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2471 (GCVE-0-2022-2471)
Vulnerability from cvelistv5 – Published: 2022-09-15 13:15 – Updated: 2024-09-16 16:57
VLAI?
Title
Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component
Summary
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.
Severity ?
9.9 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| EZVIZ | CS-CV248 |
Affected:
unspecified , < 5.2.3 build 220725
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Bitdefender Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CS-CV248",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.2.3 build 220725",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C6N-A0-1C2WFR",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220428",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-DB1C-A0-1E2W2FR",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220802",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C6N-B0-1G2WF",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220712",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C3W-A0-3H4WFRL",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.5 build 220723",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bitdefender Labs"
}
],
"datePublic": "2022-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T13:15:15",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"solutions": [
{
"lang": "en",
"value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2022-09-15T01:00:00.000Z",
"ID": "CVE-2022-2471",
"STATE": "PUBLIC",
"TITLE": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CS-CV248",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.3 build 220725"
}
]
}
},
{
"product_name": "CS-C6N-A0-1C2WFR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220428"
}
]
}
},
{
"product_name": "CS-DB1C-A0-1E2W2FR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220802"
}
]
}
},
{
"product_name": "CS-C6N-B0-1G2WF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220712"
}
]
}
},
{
"product_name": "CS-C3W-A0-3H4WFRL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.5 build 220723"
}
]
}
}
]
},
"vendor_name": "EZVIZ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bitdefender Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams",
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
]
},
"solution": [
{
"lang": "en",
"value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2022-2471",
"datePublished": "2022-09-15T13:15:15.916218Z",
"dateReserved": "2022-07-19T00:00:00",
"dateUpdated": "2024-09-16T16:57:55.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34551 (GCVE-0-2023-34551)
Vulnerability from nvd – Published: 2023-08-01 00:00 – Updated: 2024-10-21 18:29
VLAI?
Summary
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://ezviz.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:5.3.0:build210731:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-b0-1g2wf_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:5.3.0:build230215:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-r101-1g2wf_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware:5.3.0:build230221:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-1b2wfr_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware:5.3.2:build230221:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-1c2wfr-c_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:5.3.2:build230218:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-a0-1c2wfr-mul_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware:5.2.7:build230302:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-3c2wfrl-1080p_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv310-a0-1c2wfr",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware:5.2.3:build230217:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-cv248-a0-32wmfr_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.2.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:lc1c_firmware:5.3.4:build230214:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lc1c_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:17:57.197693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:29:21.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://ezviz.com"
},
{
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34551",
"datePublished": "2023-08-01T00:00:00",
"dateReserved": "2023-06-07T00:00:00",
"dateUpdated": "2024-10-21T18:29:21.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34552 (GCVE-0-2023-34552)
Vulnerability from nvd – Published: 2023-08-01 00:00 – Updated: 2025-02-12 18:48
VLAI?
Summary
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.
Severity ?
4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:07.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://ezviz.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:5.3.2:build230218:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-a0-1c2wfr-mul_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:5.3.0:build230215:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cs-c6n-r101-1g2wf_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:ezviz:cv310-a0-1b2wfr_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cv310-a0-1b2wfr_firmware",
"vendor": "ezviz",
"versions": [
{
"lessThan": "5.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-34552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T20:46:21.774754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T18:48:59.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://ezviz.com"
},
{
"url": "https://www.ezviz.com/data-security/security-notice/detail/827"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34552",
"datePublished": "2023-08-01T00:00:00.000Z",
"dateReserved": "2023-06-07T00:00:00.000Z",
"dateUpdated": "2025-02-12T18:48:59.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2471 (GCVE-0-2022-2471)
Vulnerability from nvd – Published: 2022-09-15 13:15 – Updated: 2024-09-16 16:57
VLAI?
Title
Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component
Summary
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.
Severity ?
9.9 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| EZVIZ | CS-CV248 |
Affected:
unspecified , < 5.2.3 build 220725
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Bitdefender Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CS-CV248",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.2.3 build 220725",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C6N-A0-1C2WFR",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220428",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-DB1C-A0-1E2W2FR",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220802",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C6N-B0-1G2WF",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220712",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C3W-A0-3H4WFRL",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.5 build 220723",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bitdefender Labs"
}
],
"datePublic": "2022-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T13:15:15",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"solutions": [
{
"lang": "en",
"value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2022-09-15T01:00:00.000Z",
"ID": "CVE-2022-2471",
"STATE": "PUBLIC",
"TITLE": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CS-CV248",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.3 build 220725"
}
]
}
},
{
"product_name": "CS-C6N-A0-1C2WFR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220428"
}
]
}
},
{
"product_name": "CS-DB1C-A0-1E2W2FR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220802"
}
]
}
},
{
"product_name": "CS-C6N-B0-1G2WF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220712"
}
]
}
},
{
"product_name": "CS-C3W-A0-3H4WFRL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.5 build 220723"
}
]
}
}
]
},
"vendor_name": "EZVIZ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bitdefender Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams",
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
]
},
"solution": [
{
"lang": "en",
"value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2022-2471",
"datePublished": "2022-09-15T13:15:15.916218Z",
"dateReserved": "2022-07-19T00:00:00",
"dateUpdated": "2024-09-16T16:57:55.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}