CVE-2023-34552
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-34552 affects select EZVIZ camera models, including CS-C6N-B0-1G2WF, CS-C6N-R101-1G2WF, CS-CV310-A0-1B2WFR, CS-CV310-A0-1C2WFR-C, CS-C6N-A0-1C2WFR-MUL, CS-CV310-A0-3C2WFRL-1080p, CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p, and CS-CV248-A0-32WMFR, as well as the LC1C model. Two stack-based buffer overflows exist in the SADP multicast protocol handling, in the mulicast_parse_sadp_packet and mulicast_get_pack_type functions. They allow an unauthenticated attacker on the same local network to execute code remotely on the camera. Firmware versions prior to V5.3.0 build 230215 are impacted for some models, and versions before specific builds are impacted for others. Users should update their camera firmware to mitigate this risk.