CVE-2022-2471 - Vulnerability Details

Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ezviz	Cs-c3w-a0-3h4wfrl Cs-c3w-a0-3h4wfrl Firmware Cs-c6n-a0-1c2wfr Cs-c6n-a0-1c2wfr Firmware Cs-c6n-b0-1g2wf Cs-c6n-b0-1g2wf Firmware Cs-cv248 Cs-cv248 Firmware Cs-db1c-a0-1e2w2fr Cs-db1c-a0-1e2w2fr Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build201719:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ezviz:cs-db1c-a0-1e2w2fr_firmware:5.3.0:build211208:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-db1c-a0-1e2w2fr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:5.3.0:build210731:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ezviz:cs-c3w-a0-3h4wfrl_firmware:5.3.5:build220120:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c3w-a0-3h4wfrl:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ezviz:cs-cv248_firmware:5.2.1:build180403:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-cv248:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-09-15T13:15:15.916218Z

Updated: 2024-09-16T16:57:55.973Z

Reserved: 2022-07-19T00:00:00

Link: CVE-2022-2471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-15T14:15:09.640

Modified: 2024-11-21T07:01:03.510

Link: CVE-2022-2471

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object