CVE-2023-3959
published 2023-11-08CVE-2023-3959: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to…
PriorityP276critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
40.40%
98.5th percentile
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While
processing XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zavio | b8220_firmware | — | — |
| zavio | b8520_firmware | — | — |
| zavio | cb3211_firmware | — | — |
| zavio | cb3212_firmware | — | — |
| zavio | cb5220_firmware | — | — |
| zavio | cb6231_firmware | — | — |
| zavio | cd321_firmware | — | — |
| zavio | cf7201_firmware | — | — |
| zavio | cf7300_firmware | — | — |
| zavio | cf7500_firmware | — | — |
| zavio | cf7501_firmware | — | — |
| zavio | ip_camera_b8220 | — | — |
| zavio | ip_camera_b8520 | — | — |
| zavio | ip_camera_cb3211 | — | — |
| zavio | ip_camera_cb3212 | — | — |
| zavio | ip_camera_cb5220 | — | — |
| zavio | ip_camera_cb6231 | — | — |
| zavio | ip_camera_cd321 | — | — |
| zavio | ip_camera_cf7201 | — | — |
| zavio | ip_camera_cf7300 | — | — |
| zavio | ip_camera_cf7500 | — | — |
| zavio | ip_camera_cf7501 | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger vector is incoming network requests containing XML elements; monitor for malformed or oversized XML payloads sent to Zavio IP Camera HTTP/network service ports ↗
- →Affected firmware version is M2.1.6.05 across all listed Zavio IP Camera models (CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, CD321); fingerprint devices running this version as high-priority targets ↗
- →Vulnerability is exploitable remotely with no authentication and low attack complexity (CVSS AV:N/AC:L/PR:N/UI:N); prioritize blocking unauthenticated external access to these devices at the network perimeter ↗
- →Stack-based buffer overflow is triggered during processing and parsing of specific XML element fields from network requests; inspect network traffic for unusually large XML field values destined for Zavio camera endpoints ↗
- ·Affected products are end-of-life with no firmware fix available; vendor Zavio is no longer in business, so no patch-based remediation exists — detection and network isolation are the only mitigations ↗
- ·No known public exploitation has been reported at time of advisory publication; however, CVSS 9.8 score and unauthenticated remote vector make these devices extremely high risk if internet-exposed ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xw58-crph-crhm: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2
ghsa_unreviewed·2023-11-09
CVE-2023-3959 [CRITICAL] CWE-121 GHSA-xw58-crph-crhm: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While
processing XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
CISA ICS
Zavio IP Camera
cisa_ics·2023-10-31·CVSS 9.8
[CRITICAL] Zavio IP Camera
ICS Advisory
##
Zavio IP Camera
Release DateOctober 31, 2023
Alert CodeICSA-23-304-03
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Zavio
- Equipment: IP Camera
- Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer, OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Zavio IP Cameras are affected:
- CF7500: version M2.1.6.05
- CF7300: version M2.1.6.05
- CF7201: version M2.1.6.05
- CF7501: version M2.1.6.05
- CB3211: version M2.1.6.05
- CB3212: version M2.1.6.05
- CB5220: version M2.1.6.05
- CB623
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-11-08
Published