CVE-2023-39435

EUVD-2023-43159
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
 CB6231, B8520, B8220, and CD321 IP Cameras 

with firmware version M2.1.6.05 are 
vulnerable to stack-based overflows. During the process of updating 
certain settings sent from incoming network requests, the product does 
not sufficiently check or validate allocated buffer size. This may lead 
to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
icscertCNA
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03