{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:18:04.990","vulnerabilities":[{"cve":{"id":"CVE-2023-39435","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2023-11-08T23:15:08.310","lastModified":"2024-11-21T08:15:25.190","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"ics-cert@hq.dhs.gov","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 IP Cameras \n\nwith firmware version M2.1.6.05 are \nvulnerable to stack-based overflows. During the process of updating \ncertain settings sent from incoming network requests, the product does \nnot sufficiently check or validate allocated buffer size. This may lead \nto remote code execution.\n\n"},{"lang":"es","value":"IP Cameras Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220 y CD321 con versión de firmware M2.1.6.05 son vulnerables a desbordamientos basados en pila. Durante el proceso de actualización de ciertas configuraciones enviadas desde solicitudes de red entrantes, el producto no verifica ni valida suficientemente el tamaño del búfer asignado. Esto puede provocar la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"D543FC87-52FF-4BC4-BE57-949BB23D88AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:*","matchCriteriaId":"30F595D2-3CB4-4444-A01F-CE38CBE2D0DC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"3FA43E48-E3D0-4913-9040-BF11D9E61385"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:*","matchCriteriaId":"B008EE1F-5B08-417A-8206-20F1362DB911"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"7A6E3CDA-3C8B-4894-A42A-CFC5AA077047"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:*","matchCriteriaId":"B5240BE7-31E4-4A40-A480-E744E3CAEA3A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"5CF6549F-9E86-4B45-8B60-BB62BEB72B19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:*","matchCriteriaId":"9285F916-50BE-4E41-8EF3-97D882B54CD6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"3F7DBB50-D334-493F-B661-04C798383D29"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:*","matchCriteriaId":"1C32A113-76F5-4EBD-BD15-EFBB17F0942C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"883549EB-5A5B-437E-8B10-D7C691142B92"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:*","matchCriteriaId":"FC86EF14-298F-414E-8558-1D025CDF6057"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"C43C9ED3-167E-4424-841E-50A56FF398F0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:*","matchCriteriaId":"AFEC44B0-C2C7-4306-91CA-AA841B23498D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"1E8483A6-426F-4595-8B7F-1FC04E9B31FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:*","matchCriteriaId":"766018BD-DD32-420A-9511-D97D9DE46BBA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"779DE260-60AA-465E-957D-B7502E806863"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:*","matchCriteriaId":"F60E1FE1-F2E8-4BF7-A33D-4ED4D72BF360"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"99AC7EEC-C4A5-4F79-9608-D02E29356217"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:*","matchCriteriaId":"8623A941-0514-49BD-967D-E347F6F99329"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:*","matchCriteriaId":"35DCACBC-6483-4113-BC77-041BE4D692F9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:*","matchCriteriaId":"4E906053-BE44-45B4-AD08-D7DFCFD5EDF2"}]}]}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}