CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.0%
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While
processing XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
Vendor | Product | Version | CPE |
---|---|---|---|
zavio | cf7500_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:* |
zavio | cf7500 | - | cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:* |
zavio | cf7300_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:* |
zavio | cf7300 | - | cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:* |
zavio | cf7201_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:* |
zavio | cf7201 | - | cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:* |
zavio | cf7501_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:* |
zavio | cf7501 | - | cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:* |
zavio | cb3211_firmware | m2.1.6.05 | cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:* |
zavio | cb3211 | - | cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:* |