CVE-2023-45225

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras  with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Reserved 2023-10-10 | Published 2023-11-08 | Updated 2025-01-16 | Assigner icscert

Problem types

CWE-121 Stack-Based Buffer Overflow

Product status

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Default status
unaffected

version M2.1.6.05
affected

Credits

Attila Szasz finder

References

www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

cve.org (CVE-2023-45225)

nvd.nist.gov (CVE-2023-45225)

Download JSON