EZVIZ CS-C6-21WFR-8 Vulnerability: Improper Certificate Validation Can Lead to Remote Attack
CVE-2024-4063

3.7LOW

Key Information:

Vendor: Ezviz
Status: Cs-c6-21wfr-8
Vendor: CVE Published:; 23 April 2024

What is CVE-2024-4063?

A vulnerability was found in EZVIZ CS-C6-21WFR-8 5.2.7 Build 170628. It has been classified as problematic. This affects an unknown part of the component Davinci Application. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-261789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

CS-C6-21WFR-8 5.2.7 Build 170628

References

https://vuldb.com/?id.261789

vdb-entry

https://vuldb.com/?ctiid.261789

signaturepermissions-required

https://vuldb.com/?submit.316408

third-party-advisory

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2024
Vulnerability Reserved
Apr 23, 2024

Credit

kaizheng (VulDB User)

CVE-2024-4063 Data

JSON

Ezviz

What is CVE-2024-4063?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit