Remote Code Execution Vulnerability in EZVIZ Network Cameras
CVE-2023-34551

8HIGH

Key Information:

Vendor: Ezviz
Status: Cs-c6n-b0-1g2wf Firmware
Vendor: CVE Published:; 1 August 2023

What is CVE-2023-34551?

Certain EZVIZ cameras are exposed to a stack buffer overflow vulnerability within the netClientSetWlanCfg function of the EZVIZ SDK command server. An authenticated attacker, with access to the local network, could exploit this issue to execute arbitrary code remotely, compromising the security of the affected devices. This vulnerability affects several EZVIZ camera models and requires timely updates to mitigate potential risks.

References

http://ezviz.com

https://www.ezviz.com/data-security/security-notice/detai...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2023
Vulnerability Reserved
Jun 7, 2023

CVE-2023-34551 Data

JSON

Ezviz

What is CVE-2023-34551?

References

CVSS V3.1

Timeline