CVE-2023-3959

CRITICAL

Zavio IP Cameras Firmware M2.1.6.05 - Stack-based Buffer Overflow in XML Element Processing

Title source: llm
STIX 2.1

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

Scores

CVSS v3 9.8
EPSS 0.4040
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-121 CWE-787
Status published
Products (11)
zavio/b8220_firmware m2.1.6.05
zavio/b8520_firmware m2.1.6.05
zavio/cb3211_firmware m2.1.6.05
zavio/cb3212_firmware m2.1.6.05
zavio/cb5220_firmware m2.1.6.05
zavio/cb6231_firmware m2.1.6.05
zavio/cd321_firmware m2.1.6.05
zavio/cf7201_firmware m2.1.6.05
zavio/cf7300_firmware m2.1.6.05
zavio/cf7500_firmware m2.1.6.05
... and 1 more
Published Nov 08, 2023
Tracked Since Feb 18, 2026