Lucene search

BitdefenderCVELIST:CVE-2022-2472

HistorySep 15, 2022 - 1:20 p.m.

CVE-2022-2472 Improper Initialization vulnerability in local server authentication logic

2022-09-1513:20:11

CWE-665

Bitdefender

www.cve.org

cve-2022-2472

vulnerability

initialization

ezviz cs-c6n-a0-1c2wfr

local attacker

memory space

admin password

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.

CNA Affected

[
  {
    "product": "CS-C6N-A0-1C2WFR",
    "vendor": "EZVIZ",
    "versions": [
      {
        "lessThan": "5.3.0 build 220428",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams

CVSS3

7.6

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-2472