CVE-2023-33220
published 2023-12-15

Priority: P261
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.14% (62.5th percentile)

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idemia | morphowave_compact_firmware | < 2.12.2 | 2.12.2 |
| idemia | morphowave_compact_xp | < 2.12.2 | 2.12.2 |
| idemia | morphowave_sp | < 1.2.7 | 1.2.7 |
| idemia | morphowave_sp_firmware | < 1.2.7 | 1.2.7 |
| idemia | morphowave_xp_firmware | < 2.12.2 | 2.12.2 |
| idemia | sigma_extreme | < 4.15.5 | 4.15.5 |
| idemia | sigma_extreme_firmware | < 4.15.5 | 4.15.5 |
| idemia | sigma_lite_+_firmware | < 4.15.5 | 4.15.5 |
| idemia | sigma_lite_firmware | < 4.15.5 | 4.15.5 |
| idemia | sigma_lite_lite | < 4.15.5 | 4.15.5 |
| idemia | sigma_wide | < 4.15.5 | 4.15.5 |
| idemia | sigma_wide_firmware | < 4.15.5 | 4.15.5 |
| idemia | visionpass | < 2.12.2 | 2.12.2 |
| idemia | visionpass_firmware | < 2.12.2 | 2.12.2 |