CVE-2022-2472
Improper Initialization vulnerability in local server authentication logic
- Severity Score: 5.5 (CVSS v3.1)
- Exploit Likelihood (EPSS)
- Affected Versions (CPE)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.
An improper initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.
Credits: Bitdefender Labs
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: -
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-19 CVE Reserved
- 2022-09-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-665: Improper Initialization
References (1)
URL | Tag | Source |
---|---|---|
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Ezviz | Cs-c6n-a0-1c2wfr Firmware | 5.3.0 | build220428 | Affected | in | Ezviz | Cs-c6n-a0-1c2wfr | - | - | Safe