CVE-2022-2471 - OpenCVE

Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ezviz	Cs-db1c-a0-1e2w2fr Firmware Cs-cv248 Firmware Cs-c3w-a0-3h4wfrl Cs-c3w-a0-3h4wfrl Firmware Cs-cv248 Cs-db1c-a0-1e2w2fr Cs-c6n-a0-1c2wfr Firmware Cs-c6n-a0-1c2wfr Cs-c6n-b0-1g2wf Firmware Cs-c6n-b0-1g2wf

Configuration 1 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build201719:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ezviz:cs-db1c-a0-1e2w2fr_firmware:5.3.0:build211208:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-db1c-a0-1e2w2fr:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:5.3.0:build210731:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ezviz:cs-c3w-a0-3h4wfrl_firmware:5.3.5:build220120:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c3w-a0-3h4wfrl:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ezviz:cs-cv248_firmware:5.2.1:build180403:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-cv248:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-09-15T00:00:00

Updated: 2022-09-15T13:15:15

Reserved: 2022-07-19T00:00:00

Link: CVE-2022-2471

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-15T14:15:09.640

Modified: 2022-09-20T18:48:21.943

Link: CVE-2022-2471

JSON object: View

Redhat Information

No data.

CWE

CWE-121

{"containers": {"cna": {"affected": [{"product": "CS-CV248", "vendor": "EZVIZ", "versions": [{"lessThan": "5.2.3 build 220725", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "CS-C6N-A0-1C2WFR", "vendor": "EZVIZ", "versions": [{"lessThan": "5.3.0 build 220428", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "CS-DB1C-A0-1E2W2FR", "vendor": "EZVIZ", "versions": [{"lessThan": "5.3.0 build 220802", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "CS-C6N-B0-1G2WF", "vendor": "EZVIZ", "versions": [{"lessThan": "5.3.0 build 220712", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "CS-C3W-A0-3H4WFRL", "vendor": "EZVIZ", "versions": [{"lessThan": "5.3.5 build 220723", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bitdefender Labs"}], "datePublic": "2022-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T13:15:15", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}], "solutions": [{"lang": "en", "value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."}], "source": {"discovery": "EXTERNAL"}, "title": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-09-15T01:00:00.000Z", "ID": "CVE-2022-2471", "STATE": "PUBLIC", "TITLE": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CS-CV248", "version": {"version_data": [{"version_affected": "<", "version_value": "5.2.3 build 220725"}]}}, {"product_name": "CS-C6N-A0-1C2WFR", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.0 build 220428"}]}}, {"product_name": "CS-DB1C-A0-1E2W2FR", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.0 build 220802"}]}}, {"product_name": "CS-C6N-B0-1G2WF", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.0 build 220712"}]}}, {"product_name": "CS-C3W-A0-3H4WFRL", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.5 build 220723"}]}}]}, "vendor_name": "EZVIZ"}]}}, "credit": [{"lang": "eng", "value": "Bitdefender Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams", "refsource": "MISC", "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}]}, "solution": [{"lang": "en", "value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2022-2471", "datePublished": "2022-09-15T00:00:00", "dateReserved": "2022-07-19T00:00:00", "dateUpdated": "2022-09-15T13:15:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build201719:*:*:*:*:*:*", "matchCriteriaId": "47C0BBC0-DADA-4E4B-BD6D-09859B290EFC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-db1c-a0-1e2w2fr_firmware:5.3.0:build211208:*:*:*:*:*:*", "matchCriteriaId": "C18E7920-0F8F-4C00-A649-69FD9FDFAF33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-db1c-a0-1e2w2fr:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA3AD5A7-8DDE-4750-AF0B-54FD9620D2AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6n-b0-1g2wf_firmware:5.3.0:build210731:*:*:*:*:*:*", "matchCriteriaId": "14FFD3A3-5A67-4828-AE11-2747493BE4D7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6n-b0-1g2wf:-:*:*:*:*:*:*:*", "matchCriteriaId": "53448693-4C67-4538-B879-12F3F8B51BEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c3w-a0-3h4wfrl_firmware:5.3.5:build220120:*:*:*:*:*:*", "matchCriteriaId": "6908D459-9F6A-44A0-BD35-CF61C0827EEF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c3w-a0-3h4wfrl:-:*:*:*:*:*:*:*", "matchCriteriaId": "457F05D1-02C5-461A-93E3-E1D150BD60D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-cv248_firmware:5.2.1:build180403:*:*:*:*:*:*", "matchCriteriaId": "54DA9047-AEB4-4C20-AC3D-9CA3B97C75C6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-cv248:-:*:*:*:*:*:*:*", "matchCriteriaId": "EE214B45-33B9-4C4D-AD19-0BB0DBC37ECD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."}, {"lang": "es", "value": "Una vulnerabilidad de Desbordamiento del B\u00fafer en la regi\u00f3n Stack de la Memoria en el componente de detecci\u00f3n de movimiento de EZVIZ usado en los modelos de c\u00e1mara CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL permite a un atacante remoto ejecutar c\u00f3digo remoto en el dispositivo. Este problema afecta a: EZVIZ CS-CV248 versiones anteriores a 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versiones anteriores a 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versiones anteriores a 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versiones anteriores a versi\u00f3n 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versiones anteriores a 5.3.5 build 220723"}], "id": "CVE-2022-2471", "lastModified": "2022-09-20T18:48:21.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2022-09-15T14:15:09.640", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}