In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.
References
| Link | Resource |
|---|---|
| http://ezviz.com | Product |
| https://www.ezviz.com/data-security/security-notice/detail/827 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
History
07 Aug 2023, 19:20
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr-mul:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ezviz:lc1c_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ezviz:lc1c:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-cv310-a0-3c2wfrl-1080p:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-cv310-a0-1b2wfr:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-cv248-a0-32wmfr:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr-c:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-c6n-r101-1g2wf:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware:*:*:*:*:*:*:*:* |
|
| References | (MISC) http://ezviz.com - Product | |
| References | (MISC) https://www.ezviz.com/data-security/security-notice/detail/827 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CWE | CWE-787 | |
| First Time |
Ezviz cs-cv310-a0-1c2wfr-c
Ezviz cs-c6n-b0-1g2wf Firmware Ezviz Ezviz cs-cv310-a0-3c2wfrl-1080p Firmware Ezviz cs-cv248-a0-32wmfr Ezviz lc1c Ezviz cs-cv310-a0-3c2wfrl-1080p Ezviz cs-cv310-a0-1c2wfr Firmware Ezviz cs-cv310-a0-1b2wfr Firmware Ezviz cs-cv248-a0-32wmfr Firmware Ezviz cs-cv310-a0-1b2wfr Ezviz cs-c6n-b0-1g2wf Ezviz cs-cv310-a0-1c2wfr Ezviz cs-c6n-r101-1g2wf Ezviz lc1c Firmware Ezviz cs-c6n-r101-1g2wf Firmware Ezviz cs-cv310-a0-1c2wfr-c Firmware Ezviz cs-c6n-a0-1c2wfr-mul Firmware Ezviz cs-c6n-a0-1c2wfr-mul |
01 Aug 2023, 18:51
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-01 18:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-34552
Mitre link : CVE-2023-34552
CVE.ORG link : CVE-2023-34552
JSON object : View
Products Affected
ezviz
- cs-c6n-r101-1g2wf
- cs-cv310-a0-1b2wfr
- cs-cv310-a0-1b2wfr_firmware
- cs-cv310-a0-1c2wfr_firmware
- cs-c6n-b0-1g2wf_firmware
- cs-cv310-a0-1c2wfr-c
- cs-cv248-a0-32wmfr
- cs-cv310-a0-1c2wfr
- cs-c6n-a0-1c2wfr-mul
- cs-cv310-a0-3c2wfrl-1080p_firmware
- lc1c
- cs-c6n-a0-1c2wfr-mul_firmware
- cs-cv310-a0-3c2wfrl-1080p
- cs-cv310-a0-1c2wfr-c_firmware
- cs-c6n-b0-1g2wf
- cs-c6n-r101-1g2wf_firmware
- cs-cv248-a0-32wmfr_firmware
- lc1c_firmware
CWE
CWE-787
Out-of-bounds Write