Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-34551

EPSS 3.23% · P87
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-34551

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
EZVIZ CS Series 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
EZVIZ CS Series是中国萤石(EZVIZ)公司的一系列摄像头。 EZVIZ CS Series 存在安全漏洞,该漏洞源于ZVIZ SDK 命令服务器的 netClientSetWlanCfg 函数中存在两个堆栈缓冲区溢出,允许与摄像机位于同一本地网络上的经过身份验证的攻击者实现远程代码执行,以下产品和版本受到影响:CS-C6N-B0-1G2WF V5.3.0(build 230215)之前版本、CS-C6N-R101-1G2WF V5.3.0(build 230215)之前版本、 CS-CV3
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-34551

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-34551

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-08-01 · 30 CVEs total

CVE-2023-334939.8 CRITICALPrestaShop 代码问题漏洞
CVE-2023-261397.5 HIGHunderscore-keypath 安全漏洞
CVE-2023-36210MotoCMS 注入漏洞
CVE-2023-36121e107 跨站脚本漏洞
CVE-2023-38990Jeesite 安全漏洞
CVE-2023-33560PHPJabbers Time Slots Booking Calendar 跨站脚本漏洞
CVE-2023-33561PHPJabbers Time Slots Booking Calendar 安全漏洞
CVE-2023-33562PHPJabbers Time Slots Booking Calendar 安全漏洞
CVE-2023-33563PHPJabbers Time Slots Booking Calendar 授权问题漏洞
CVE-2023-33564PHPJabbers Time Slots Booking Calendar 跨站脚本漏洞
CVE-2023-34869PHPJabbers Time Slots Booking Calendar 跨站脚本漏洞
CVE-2023-36118Faculty Evaulation System 跨站脚本漏洞
CVE-2023-36351Viatom Health ViHealth 安全漏洞
CVE-2023-34552EZVIZ CS Series 缓冲区错误漏洞
CVE-2023-39147Uvdesk 代码问题漏洞
CVE-2023-36984Lavalite CMS 安全漏洞
CVE-2023-36211Barebones CMS 跨站脚本漏洞
CVE-2022-39986RaspAP 命令注入漏洞
CVE-2022-39987RaspAP 命令注入漏洞
CVE-2023-31710TP-LINK Archer AX21 缓冲区错误漏洞

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-34551

No comments yet

Leave a comment