CVE-2023-39435

HIGH

Zavio IP Cameras Firmware M2.1.6.05 - Stack-based Buffer Overflow

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

References (1)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

Scores

CVSS v3 8.8
EPSS 0.0123
EPSS Percentile 65.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121 CWE-787
Status published
Products (11)
zavio/b8220_firmware m2.1.6.05
zavio/b8520_firmware m2.1.6.05
zavio/cb3211_firmware m2.1.6.05
zavio/cb3212_firmware m2.1.6.05
zavio/cb5220_firmware m2.1.6.05
zavio/cb6231_firmware m2.1.6.05
zavio/cd321_firmware m2.1.6.05
zavio/cf7201_firmware m2.1.6.05
zavio/cf7300_firmware m2.1.6.05
zavio/cf7500_firmware m2.1.6.05
... and 1 more
Published Nov 08, 2023
Tracked Since Feb 18, 2026