CVE-2023-43755
published 2023-11-08

CVE-2023-43755: Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to…

Priority: P262, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.26% (65.9th percentile)
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Affected

22 ranges
Vendor   Product                 Version range   Fixed in
zavio    b8220_firmware
zavio    b8520_firmware
zavio    cb3211_firmware
zavio    cb3212_firmware
zavio    cb5220_firmware
zavio    cb6231_firmware
zavio    cd321_firmware
zavio    cf7201_firmware
zavio    cf7300_firmware
zavio    cf7500_firmware
zavio    cf7501_firmware
zavio    ip_camera_b8220
zavio    ip_camera_b8520
zavio    ip_camera_cb3211
zavio    ip_camera_cb3212
zavio    ip_camera_cb5220
zavio    ip_camera_cb6231
zavio    ip_camera_cd321
zavio    ip_camera_cf7201
zavio    ip_camera_cf7300
zavio    ip_camera_cf7500
zavio    ip_camera_cf7501

Detection & IOCs (extracted from sources)

  • Trigger condition: stack-based buffer overflow occurs during processing and parsing of certain fields in XML elements from incoming network requests — monitor for anomalously large or malformed XML field values in HTTP/S requests directed at Zavio IP Camera management interfaces
  • Affected firmware version is M2.1.6.05 across all listed Zavio IP Camera models (CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, CD321) — fingerprint devices on the network by firmware banner to identify exposure
  • Vulnerability is exploitable remotely with no authentication and low attack complexity (AV:N/AC:L/PR:N/UI:N) — any unauthenticated network request carrying crafted XML can trigger the overflow; prioritize blocking external access to camera management ports
  • Affected products are end-of-life with no vendor patches available; no firmware fix will be released — detection and network isolation are the only mitigations
  • No known public exploitation of CVE-2023-43755 has been reported to CISA at time of advisory publication — threat level may change