09 Nov 2023
Vulnérabilité CVE-2023-43755 CVE Vulnerability
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. (CVSS:9.8) (Last Update:2023-11-08 23:15:11)
Vulnerability Details :
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
Vulnerability category:Execute code
Exploit prediction scoring system (EPSS) score for CVE-2023-43755
We don't have an EPSS score for this CVE yet EPSS FAQ
CVSS scores for CVE-2023-43755
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. |
CWE ids for CVE-2023-43755
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).Assigned by: Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. (Secondary)
References for CVE-2023-43755
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03 Zavio IP Camera | CISA