CVE-2023-43755

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
 CB6231, B8520, B8220, and CD321 

IP Cameras 

with firmware version M2.1.6.05 are 
vulnerable to multiple instances of stack-based overflows. During the 
processing and parsing of certain fields in XML elements from incoming 
network requests, the product does not sufficiently check or validate 
allocated buffer size. This may lead to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03