CVE-2023-34552

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Aug 1, 2023
Updated: Aug 7, 2023
CWE ID 787

Summary

CVE-2023-34552 is a vulnerability affecting select EZVIZ camera models, including CS-C6N-B0-1G2WF, CS-C6N-R101-1G2WF, CS-CV310-A0-1B2WFR, CS-CV310-A0-1C2WFR-C, CS-C6N-A0-1C2WFR-MUL, CS-CV310-A0-3C2WFRL-1080p, CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p, and CS-CV248-A0-32WMFR, as well as the LC1C model. Two stack-based buffer overflows occur in the handling of the SADP multicast protocol, in the mulicast_parse_sadp_packet and mulicast_get_pack_type functions. An unauthenticated attacker on the same local network can exploit them to achieve remote code execution. Firmware versions prior to V5.3.0 build 230215 for some models, and before specific builds for others, are impacted. Users should update their camera firmware to mitigate this risk.
