CVE-2023-48121
MEDIUMEzviz CS-C6N CS-CV310 CS-C6CN CS-C3N < v5.3.x build 20230401 - Authentication Bypass in Direct Connection Module
Title source: llmDescription
An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices.
References (3)
Core 3
Core References
Various Sources
https://joerngermany.github.io/ezviz_vulnerability/
Various Sources
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/
Vendor Advisory
https://www.ezviz.com/data-security/security-notice/detail/911
Scores
CVSS v3
5.3
EPSS
0.0083
EPSS Percentile
52.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-287
Status
published
Products (4)
ezviz/cs-c3n-a0-3h2wfrl_firmware
ezviz/cs-c6cn-a0-3h2wfr_firmware
ezviz/cs-c6n-a0-1c2wfr_firmware
ezviz/cs-cv310-a0-1c2wfr_firmware
Published
Nov 28, 2023
Tracked Since
Feb 18, 2026