CVE-2023-34552

Severity CVSS v4.0:

Pending analysis

Type:

CWE-787 Out-of-bounds Write

Publication date:

01/08/2023

Last modified:

12/02/2025

Description

In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.80 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

8.80

Severity 3.x

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware::::::::		5.3.0 (including)
cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:::::::*
cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware::::::::		5.3.0 (including)
cpe:2.3:h:ezviz:cs-c6n-r101-1g2wf:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware::::::::		5.3.0 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-1b2wfr:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware::::::::		5.3.2 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr-c:-:::::::*
cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware::::::::		5.3.2 (including)
cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr-mul:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware::::::::		5.2.7 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-3c2wfrl-1080p:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware::::::::		5.3.2 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:::::::*
cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware::::::::		5.2.3 (including)

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware::::::::		5.3.0 (including)
cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:::::::*
cpe:2.3:o:ezviz:cs-c6n-r101-1g2wf_firmware::::::::		5.3.0 (including)
cpe:2.3:h:ezviz:cs-c6n-r101-1g2wf:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-1b2wfr_firmware::::::::		5.3.0 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-1b2wfr:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr-c_firmware::::::::		5.3.2 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr-c:-:::::::*
cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr-mul_firmware::::::::		5.3.2 (including)
cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr-mul:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-3c2wfrl-1080p_firmware::::::::		5.2.7 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-3c2wfrl-1080p:-:::::::*
cpe:2.3:o:ezviz:cs-cv310-a0-1c2wfr_firmware::::::::		5.3.2 (including)
cpe:2.3:h:ezviz:cs-cv310-a0-1c2wfr:-:::::::*
cpe:2.3:o:ezviz:cs-cv248-a0-32wmfr_firmware::::::::		5.2.3 (including)

CVE-2023-34552

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools