9.8
CVE-2023-39435
- EPSS 0.34%
- Published 08.11.2023 23:15:08
- Last modified 21.11.2024 08:15:25
- Source ics-cert@hq.dhs.gov
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.
Data is provided by the National Vulnerability Database (NVD)
Zavio ≫ Cf7500 Firmware Version M2.1.6.05
Zavio ≫ Cf7300 Firmware Version M2.1.6.05
Zavio ≫ Cf7201 Firmware Version M2.1.6.05
Zavio ≫ Cf7501 Firmware Version M2.1.6.05
Zavio ≫ Cb3211 Firmware Version M2.1.6.05
Zavio ≫ Cb3212 Firmware Version M2.1.6.05
Zavio ≫ Cb5220 Firmware Version M2.1.6.05
Zavio ≫ Cb6231 Firmware Version M2.1.6.05
Zavio ≫ B8520 Firmware Version M2.1.6.05
Zavio ≫ B8220 Firmware Version M2.1.6.05
Zavio ≫ Cd321 Firmware Version M2.1.6.05
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.34% | 0.556 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
ics-cert@hq.dhs.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.