Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-34552

Published: 01/08/2023 Updated: 07/08/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Cs-c6n-b0-1g2wf Firmware

Vulnerability Summary

In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.

Vulnerable Product Search on Vulmon Subscribe to Product

ezviz cs-c6n-b0-1g2wf_firmware

ezviz cs-c6n-r101-1g2wf_firmware

ezviz cs-cv310-a0-1b2wfr_firmware

ezviz cs-cv310-a0-1c2wfr-c_firmware

ezviz cs-c6n-a0-1c2wfr-mul_firmware

ezviz cs-cv310-a0-3c2wfrl-1080p_firmware

ezviz cs-cv310-a0-1c2wfr_firmware

ezviz cs-cv248-a0-32wmfr_firmware

ezviz lc1c_firmware

Github Repositories

https://github.com/infobyte/ezviz_lan_rce

ezviz_lan_rce This repository contains the slides and PoC videos for the talk SADProtocol goes to Hollywood which was presented at DEF CON 31 Hardware Hacking Village You can also find the docker image to build binaries that run on the camera and the proof of concept exploits for CVE-2023-34551 and CVE-2023-34552

References

CWE-787http://ezviz.comhttps://www.ezviz.com/data-security/security-notice/detail/827https://nvd.nist.govhttps://github.com/infobyte/ezviz_lan_rce
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook