Stack overflow

2023-11-0823:15:00

PRIOn knowledge base

www.prio-n.com

zavio

ip cameras

firmware

vulnerabilities

stack-based overflows

xml parsing

remote code execution

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

57.1%

JSON

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321

IP Cameras

with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. During the
processing and parsing of certain fields in XML elements from incoming
network requests, the product does not sufficiently check or validate
allocated buffer size. This may lead to remote code execution.

CPENameOperatorVersion
b8220_firmwareeq2.1.65109
b8520_firmwareeq2.1.65109
cb3211_firmwareeq2.1.65109
cb3212_firmwareeq2.1.65109
cb5220_firmwareeq2.1.65109
cb6231_firmwareeq2.1.65109
cd321_firmwareeq2.1.65109
cf7201_firmwareeq2.1.65109
cf7300_firmwareeq2.1.65109
cf7500_firmwareeq2.1.65109

Name	Operator	Version
b8220_firmware	eq	2.1.65109
b8520_firmware	eq	2.1.65109
cb3211_firmware	eq	2.1.65109
cb3212_firmware	eq	2.1.65109
cb5220_firmware	eq	2.1.65109
cb6231_firmware	eq	2.1.65109
cd321_firmware	eq	2.1.65109
cf7201_firmware	eq	2.1.65109
cf7300_firmware	eq	2.1.65109
cf7500_firmware	eq	2.1.65109