CVE-2026-32683

MEDIUM

EZVIZ APP - Information Disclosure

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-32683. PoCs published by ByteWraith1.

AI-analyzed exploit summary The repository claims to provide an exploit for CVE-2026-32683 but lacks actual exploit code, instead directing users to an external download link. The README contains vague descriptions without technical details about the vulnerability or exploitation process.

Description

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.

Exploits (1)

github SUSPICIOUS
by ByteWraith1 · poc
https://github.com/ByteWraith1/CVE-2026-32683

The repository claims to provide an exploit for CVE-2026-32683 but lacks actual exploit code, instead directing users to an external download link. The README contains vague descriptions without technical details about the vulnerability or exploitation process.

Classification
Suspicious 90%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: Ezviz video surveillance products
No auth needed
Prerequisites: none specified
devstral-2 · analyzed May 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.3
EPSS 0.0000
EPSS Percentile 0.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-319
Status published
Products (2)
EZVIZ/EZVIZ APP Android: Versions prior to 7.3.0.0210
EZVIZ/EZVIZ APP iOS: Versions prior to 7.3.1
Published May 09, 2026
Tracked Since May 09, 2026