Authentication Bypass Vulnerability in Ezviz Products
CVE-2023-48121

5.3MEDIUM

Key Information:

Vendor: Ezviz
Status: Cs-c6n-a0-1c2wfr Firmware
Vendor: CVE Published:; 28 November 2023

What is CVE-2023-48121?

An authentication bypass vulnerability exists in the Direct Connection Module of several Ezviz camera models. This flaw allows remote attackers to bypass authentication mechanisms, enabling unauthorized access to sensitive information by sending specially crafted messages to the devices. Affected devices include the CS-C6N-xxx, CS-CV310-xxx, CS-C6CN-xxx, and CS-C3N-xxx models, all prior to the specified firmware version. Users are advised to update their devices promptly to safeguard against potential exploitation.

References

https://www.ezviz.com/data-security/security-notice/detai...

https://joerngermany.github.io/ezviz_vulnerability/

https://www.hikvision.com/hk/support/cybersecurity/securi...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2023
Vulnerability Reserved
Nov 13, 2023

CVE-2023-48121 Data

JSON