CVE-2023-39435 Vulnerability Details

  /     /     /  

CVE-2023-39435 Metadata Quick Info

CVE Published: 08/11/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: icscert | Vendor: Zavio | Product: IP Camera CF7500
Status : PUBLISHED

---

CVE-2023-39435 Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Metrics

CVSS Version: 3.1 | Base Score: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-121
CWE Name: CWE-121 Stack-Based Buffer Overflow
Source: Zavio

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).