CVE-2023-34552

CVSS Score of 10 (low)

Details

Published Aug 1, 2023
Updated: Aug 7, 2023
CWE ID 787

Summary

CVE-2023-34552 is a vulnerability found in certain EZVIZ products, specifically CS-C6N-B0-1G2WF, CS-C6N-R101-1G2WF, CS-CV310-A0-1B2WFR, CS-CV310-A0-1C2WFR-C, CS-C6N-A0-1C2WFR-MUL, CS-CV310-A0-3C2WFRL-1080p, CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p, CS-CV248-A0-32WMFR, and EZVIZ LC1C. This vulnerability allows an unauthenticated attacker on the same local network as the camera to achieve remote code execution. It is caused by two stack-based buffer overflows in the SADP multicast protocol functions mulicast_parse_sadp_packet and mulicast_get_pack_type. To remediate this issue, users should update their firmware to versions V5.3.0 build 230215 for some models and V5.3.4 build 230214 for EZVIZ LC1C. This vulnerability poses a high danger to organizations as it can lead to unauthorized access and control of the camera, potentially compromising privacy and security.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-34552 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options