CVE-2023-34551
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).
En ciertos productos EZVIZ, dos desbordamientos de búfer de pila en la función netClientSetWlanCfg del servidor de comandos EZVIZ SDK pueden permitir a un atacante autenticado presente en la misma red local que la cámara lograr la ejecución remota de código. Esto afecta a las versiones de firmware CS-C6N-B0-1G2WF anteriores a V5.3.0 build 230215 y CS-C6N-R101-1G2WF anteriores a V5.3.0 build 230215 y CS-CV310-A0-1B2WFR anteriores a V5.3.0 build 230221 y CS-CV310-A0-1C2WFR-C anteriores a V5.3.2 build 230221 y a las versiones de firmware CS-C6N-A0-1C2WFR-MUL anteriores a V5.3.2 build 230218 y a las versiones de firmware CS-CV310-A0-3C2WFRL-1080p anteriores a V5.2.7 build 230302 y a las versiones de firmware CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p anteriores a V5.3.2 build 230214 y a las versiones de firmware CS-CV248-A0-32WMFR anteriores a V5.2.3 build 230217 y las versiones de firmware EZVIZ LC1C anteriores a V5.3.4 build 230214.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-06-07 CVE Reserved
- 2023-08-01 CVE Published
- 2024-10-21 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://ezviz.com | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ezviz.com/data-security/security-notice/detail/827 | 2023-08-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ezviz Search vendor "Ezviz" | Cs-c6n-b0-1g2wf Firmware Search vendor "Ezviz" for product "Cs-c6n-b0-1g2wf Firmware" | <= 5.3.0 Search vendor "Ezviz" for product "Cs-c6n-b0-1g2wf Firmware" and version " <= 5.3.0" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-c6n-b0-1g2wf Search vendor "Ezviz" for product "Cs-c6n-b0-1g2wf" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-c6n-r101-1g2wf Firmware Search vendor "Ezviz" for product "Cs-c6n-r101-1g2wf Firmware" | <= 5.3.0 Search vendor "Ezviz" for product "Cs-c6n-r101-1g2wf Firmware" and version " <= 5.3.0" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-c6n-r101-1g2wf Search vendor "Ezviz" for product "Cs-c6n-r101-1g2wf" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-cv310-a0-1b2wfr Firmware Search vendor "Ezviz" for product "Cs-cv310-a0-1b2wfr Firmware" | <= 5.3.0 Search vendor "Ezviz" for product "Cs-cv310-a0-1b2wfr Firmware" and version " <= 5.3.0" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-cv310-a0-1b2wfr Search vendor "Ezviz" for product "Cs-cv310-a0-1b2wfr" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-cv310-a0-1c2wfr-c Firmware Search vendor "Ezviz" for product "Cs-cv310-a0-1c2wfr-c Firmware" | <= 5.3.2 Search vendor "Ezviz" for product "Cs-cv310-a0-1c2wfr-c Firmware" and version " <= 5.3.2" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-cv310-a0-1c2wfr-c Search vendor "Ezviz" for product "Cs-cv310-a0-1c2wfr-c" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-c6n-a0-1c2wfr-mul Firmware Search vendor "Ezviz" for product "Cs-c6n-a0-1c2wfr-mul Firmware" | <= 5.3.2 Search vendor "Ezviz" for product "Cs-c6n-a0-1c2wfr-mul Firmware" and version " <= 5.3.2" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-c6n-a0-1c2wfr-mul Search vendor "Ezviz" for product "Cs-c6n-a0-1c2wfr-mul" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-cv310-a0-3c2wfrl-1080p Firmware Search vendor "Ezviz" for product "Cs-cv310-a0-3c2wfrl-1080p Firmware" | <= 5.2.7 Search vendor "Ezviz" for product "Cs-cv310-a0-3c2wfrl-1080p Firmware" and version " <= 5.2.7" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-cv310-a0-3c2wfrl-1080p Search vendor "Ezviz" for product "Cs-cv310-a0-3c2wfrl-1080p" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-cv310-a0-1c2wfr Firmware Search vendor "Ezviz" for product "Cs-cv310-a0-1c2wfr Firmware" | <= 5.3.2 Search vendor "Ezviz" for product "Cs-cv310-a0-1c2wfr Firmware" and version " <= 5.3.2" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-cv310-a0-1c2wfr Search vendor "Ezviz" for product "Cs-cv310-a0-1c2wfr" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Cs-cv248-a0-32wmfr Firmware Search vendor "Ezviz" for product "Cs-cv248-a0-32wmfr Firmware" | <= 5.2.3 Search vendor "Ezviz" for product "Cs-cv248-a0-32wmfr Firmware" and version " <= 5.2.3" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Cs-cv248-a0-32wmfr Search vendor "Ezviz" for product "Cs-cv248-a0-32wmfr" | - | - |
Safe
|
| Ezviz Search vendor "Ezviz" | Lc1c Firmware Search vendor "Ezviz" for product "Lc1c Firmware" | <= 5.3.4 Search vendor "Ezviz" for product "Lc1c Firmware" and version " <= 5.3.4" | - |
Affected
| in | Ezviz Search vendor "Ezviz" | Lc1c Search vendor "Ezviz" for product "Lc1c" | - | - |
Safe
|