CVE-2023-34552

CVSS Score of 10 (low)

Details

Published Aug 1, 2023
Updated: Aug 7, 2023
CWE ID 787

Summary

CVE-2023-34552 is a vulnerability found in certain EZVIZ products, specifically CS-C6N-B0-1G2WF, CS-C6N-R101-1G2WF, CS-CV310-A0-1B2WFR, CS-CV310-A0-1C2WFR-C, CS-C6N-A0-1C2WFR-MUL, CS-CV310-A0-3C2WFRL-1080p, CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p, CS-CV248-A0-32WMFR, and EZVIZ LC1C. This vulnerability allows an unauthenticated attacker on the same local network as the camera to achieve remote code execution. It is caused by two stack-based buffer overflows in the SADP multicast protocol functions mulicast_parse_sadp_packet and mulicast_get_pack_type. To remediate this issue, users should update their firmware to versions V5.3.0 build 230215 for some models and V5.3.4 build 230214 for EZVIZ LC1C. This vulnerability poses a high danger to organizations as it can lead to unauthorized access and control of the camera, potentially compromising privacy and security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-34552 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database