CVE-2023-3959

high-risk
Published 2023-11-08

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Do I need to act?

0.50% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (11)

CF7500 Firmware
CF7300 Firmware
CF7201 Firmware
CF7501 Firmware
CB3211 Firmware
CB3212 Firmware
CB5220 Firmware
CB6231 Firmware
B8520 Firmware
B8220 Firmware
CD321 Firmware

Affected Vendors

50 / 100 high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 16/34 · Moderate