CVE-2023-45225
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
57.0%
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP CamerasΒ with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While parsing
certain XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zavio | cf7500_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:* |
| zavio | cf7500 | - | cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:* |
| zavio | cf7300_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:* |
| zavio | cf7300 | - | cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:* |
| zavio | cf7201_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:* |
| zavio | cf7201 | - | cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:* |
| zavio | cf7501_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:* |
| zavio | cf7501 | - | cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:* |
| zavio | cb3211_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:* |
| zavio | cb3211 | - | cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
57.0%