CVE-2023-45225

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
 CB6231, B8520, B8220, and CD321 

IP Cameras with firmware version M2.1.6.05 are 
vulnerable to multiple instances of stack-based overflows. While parsing
 certain XML elements from incoming network requests, the product does 
not sufficiently check or validate allocated buffer size. This may lead 
to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
icscertCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03