Unauthorized Remote Code Execution in EZVIZ Network Cameras Due to Stack-Based Buffer Overflows
CVE-2023-34552

8.8HIGH

Key Information:

Vendor: Ezviz
Status: Cs-c6n-b0-1g2wf Firmware
Vendor: CVE Published:; 1 August 2023

What is CVE-2023-34552?

EZVIZ products are susceptible to security issues due to stack-based buffer overflows found in the multicast_parse_sadp_packet and multicast_get_pack_type functions within the SADP multicast protocol. These vulnerabilities enable an unauthenticated attacker situated on the same local network to execute arbitrary code remotely. This compromises the security of several firmware versions across multiple devices. Immediate updates and security patches are essential to safeguard these network cameras against potential exploitation.

References

http://ezviz.com

https://www.ezviz.com/data-security/security-notice/detai...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2023
Vulnerability Reserved
Jun 7, 2023

CVE-2023-34552 Data

JSON

Ezviz

What is CVE-2023-34552?

References

CVSS V3.1

Timeline