Vulnerability Details CVE-2023-39435
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321 IP Cameras
with firmware version M2.1.6.05 are
vulnerable to stack-based overflows. During the process of updating
certain settings sent from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2023-39435
-
cpe:2.3:h:zavio:b8220:-
-
cpe:2.3:h:zavio:b8520:-
-
cpe:2.3:h:zavio:cb3211:-
-
cpe:2.3:h:zavio:cb3212:-
-
cpe:2.3:h:zavio:cb5220:-
-
cpe:2.3:h:zavio:cb6231:-
-
cpe:2.3:h:zavio:cd321:-
-
cpe:2.3:h:zavio:cf7201:-
-
cpe:2.3:h:zavio:cf7300:-
-
cpe:2.3:h:zavio:cf7500:-
-
cpe:2.3:h:zavio:cf7501:-
-
cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05
-
cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05