CVE-2023-39435

HIGH

Zavio CF7500 Firmware - Out-of-Bounds Write

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Scores

CVSS v3 8.8
EPSS 0.0034
EPSS Percentile 56.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-121, CWE-787
Status published

Affected Products (11)

zavio/cf7500_firmware
zavio/cf7300_firmware
zavio/cf7201_firmware
zavio/cf7501_firmware
zavio/cb3211_firmware
zavio/cb3212_firmware
zavio/cb5220_firmware
zavio/cb6231_firmware
zavio/b8520_firmware
zavio/b8220_firmware
zavio/cd321_firmware

Timeline

Published Nov 08, 2023
Tracked Since Feb 18, 2026