1. Home
  2. CVE Database
  3. CVE-2023-39435
HIGH · 8.8

CVE-2023-39435

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process...

Vulnerability Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ZavioCf7500 Firmwarem2.1.6.05
ZavioCf7500-
ZavioCf7300 Firmwarem2.1.6.05
ZavioCf7300-
ZavioCf7201 Firmwarem2.1.6.05
ZavioCf7201-
ZavioCf7501 Firmwarem2.1.6.05
ZavioCf7501-
ZavioCb3211 Firmwarem2.1.6.05
ZavioCb3211-
ZavioCb3212 Firmwarem2.1.6.05
ZavioCb3212-
ZavioCb5220 Firmwarem2.1.6.05
ZavioCb5220-
ZavioCb6231 Firmwarem2.1.6.05
ZavioCb6231-
ZavioB8520 Firmwarem2.1.6.05
ZavioB8520-
ZavioB8220 Firmwarem2.1.6.05
ZavioB8220-

Related Weaknesses (CWE)

CWE-121CWE-787

References

FAQ

What is CVE-2023-39435?

CVE-2023-39435 is a vulnerability with a CVSS score of 8.8 (HIGH). Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process...

How severe is CVE-2023-39435?

CVE-2023-39435 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39435?

Check the references section above for vendor advisories and patch information. Affected products include: Zavio Cf7500 Firmware, Zavio Cf7500, Zavio Cf7300 Firmware, Zavio Cf7300, Zavio Cf7201 Firmware.