Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component
CVE-2022-2471

9.9CRITICAL

Key Information:

Vendor: Ezviz
Status: Cs-cv248; Cs-c6n-a0-1c2wfr; Cs-db1c-a0-1e2w2fr; Cs-c6n-b0-1g2wf
Vendor: CVE Published:; 15 September 2022

What is CVE-2022-2471?

Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.

Affected Version(s)

CS-C3W-A0-3H4WFRL < 5.3.5 build 220723

CS-C6N-A0-1C2WFR < 5.3.0 build 220428

CS-C6N-B0-1G2WF < 5.3.0 build 220712

References

https://www.bitdefender.com/blog/labs/vulnerabilities-ide...

x_refsource_MISC

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2022
Vulnerability Reserved
Jul 19, 2022

Credit

Bitdefender Labs

CVE-2022-2471 Data

JSON

Ezviz

What is CVE-2022-2471?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit