CVE-2023-4249

HIGH

Zavio IP Cameras <M2.1.6.05 - Command Injection

Title source: llm
STIX 2.1

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03

Scores

CVSS v3 8.8
EPSS 0.1039
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121 CWE-78
Status published
Products (11)
zavio/b8220_firmware m2.1.6.05
zavio/b8520_firmware m2.1.6.05
zavio/cb3211_firmware m2.1.6.05
zavio/cb3212_firmware m2.1.6.05
zavio/cb5220_firmware m2.1.6.05
zavio/cb6231_firmware m2.1.6.05
zavio/cd321_firmware m2.1.6.05
zavio/cf7201_firmware m2.1.6.05
zavio/cf7300_firmware m2.1.6.05
zavio/cf7500_firmware m2.1.6.05
... and 1 more
Published Nov 08, 2023
Tracked Since Feb 18, 2026