Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While
processing XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
15 Nov 2023, 20:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:* cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:* cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:* cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:* cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:* cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:* cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:* cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:* cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:* cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:* cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:* cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:* |
|
First Time |
Zavio cf7201
Zavio cf7201 Firmware Zavio cd321 Zavio cf7500 Zavio cf7300 Zavio cf7300 Firmware Zavio b8220 Firmware Zavio cb5220 Zavio cb3212 Firmware Zavio b8520 Firmware Zavio cd321 Firmware Zavio b8220 Zavio b8520 Zavio cf7501 Zavio cf7501 Firmware Zavio cb6231 Firmware Zavio cb5220 Firmware Zavio cb3211 Firmware Zavio cb3211 Zavio Zavio cb3212 Zavio cf7500 Firmware Zavio cb6231 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-787 |
09 Nov 2023, 13:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-08 23:15
Updated : 2024-04-11 01:21
NVD link : CVE-2023-3959
Mitre link : CVE-2023-3959
CVE.ORG link : CVE-2023-3959
JSON object : View
Products Affected
zavio
- cf7501_firmware
- cf7300
- cd321
- cf7501
- cb5220
- cb5220_firmware
- cf7300_firmware
- b8520_firmware
- cb3211
- b8520
- cf7201_firmware
- cd321_firmware
- cf7500_firmware
- cb6231_firmware
- cb3212_firmware
- cb6231
- b8220_firmware
- cf7201
- cf7500
- b8220
- cb3211_firmware
- cb3212