An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
History
21 Nov 2024, 08:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://joerngermany.github.io/ezviz_vulnerability/ - | |
References | () https://www.ezviz.com/data-security/security-notice/detail/911 - Vendor Advisory | |
References | () https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/ - |
09 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Dec 2023, 19:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-c6cn-a0-3h2wfr_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:* cpe:2.3:o:ezviz:cs-c3n-a0-3h2wfrl_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-c6cn-a0-3h2wfr:-:*:*:*:*:*:*:* cpe:2.3:h:ezviz:cs-c3n-a0-3h2wfrl:-:*:*:*:*:*:*:* |
|
CWE | CWE-287 | |
First Time |
Ezviz cs-c6cn-a0-3h2wfr Firmware
Ezviz cs-c3n-a0-3h2wfrl Ezviz cs-cv310-a0-1c2wfr Ezviz cs-c6n-a0-1c2wfr Ezviz cs-c3n-a0-3h2wfrl Firmware Ezviz cs-cv310-a0-1c2wfr Firmware Ezviz cs-c6cn-a0-3h2wfr Ezviz Ezviz cs-c6n-a0-1c2wfr Firmware |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://www.ezviz.com/data-security/security-notice/detail/911 - Vendor Advisory |
28 Nov 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-28 19:15
Updated : 2024-11-21 08:31
NVD link : CVE-2023-48121
Mitre link : CVE-2023-48121
CVE.ORG link : CVE-2023-48121
JSON object : View
Products Affected
ezviz
- cs-cv310-a0-1c2wfr
- cs-c3n-a0-3h2wfrl
- cs-c6cn-a0-3h2wfr
- cs-c6cn-a0-3h2wfr_firmware
- cs-c3n-a0-3h2wfrl_firmware
- cs-c6n-a0-1c2wfr
- cs-c6n-a0-1c2wfr_firmware
- cs-cv310-a0-1c2wfr_firmware
CWE
CWE-287
Improper Authentication