CVE-2022-2472 - OpenCVE

Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ezviz	Cs-c6n-a0-1c2wfr Firmware Cs-c6n-a0-1c2wfr

Configuration 1 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build220428:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-09-15T00:00:00

Updated: 2022-09-15T13:20:11

Reserved: 2022-07-19T00:00:00

Link: CVE-2022-2472

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-15T14:15:09.717

Modified: 2022-09-19T19:03:50.403

Link: CVE-2022-2472

JSON object: View

Redhat Information

No data.

CWE

CWE-665

{"containers": {"cna": {"affected": [{"product": "CS-C6N-A0-1C2WFR", "vendor": "EZVIZ", "versions": [{"lessThan": "5.3.0 build 220428", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bitdefender Labs"}], "datePublic": "2022-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T13:20:11", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}], "solutions": [{"lang": "en", "value": "A firmware update to version 5.3.0 build 220428 or higher fixes the issue."}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Initialization vulnerability in local server authentication logic", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-09-15T13:00:00.000Z", "ID": "CVE-2022-2472", "STATE": "PUBLIC", "TITLE": "Improper Initialization vulnerability in local server authentication logic"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CS-C6N-A0-1C2WFR", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.0 build 220428"}]}}]}, "vendor_name": "EZVIZ"}]}}, "credit": [{"lang": "eng", "value": "Bitdefender Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-665 Improper Initialization"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams", "refsource": "MISC", "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}]}, "solution": [{"lang": "en", "value": "A firmware update to version 5.3.0 build 220428 or higher fixes the issue."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2022-2472", "datePublished": "2022-09-15T00:00:00", "dateReserved": "2022-07-19T00:00:00", "dateUpdated": "2022-09-15T13:20:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build220428:*:*:*:*:*:*", "matchCriteriaId": "A23F9515-7B4F-4674-98E7-9A03FDD7FC83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428."}, {"lang": "es", "value": "Una vulnerabilidad de inicializaci\u00f3n inapropiada en el componente del servidor local de EZVIZ CS-C6N-A0-1C2WFR, permite a un atacante local leer el contenido del espacio de memoria que contiene la contrase\u00f1a de administrador cifrada. Este problema afecta a: EZVIZ CS-C6N-A0-1C2WFR versiones anteriores a 5.3.0 build 220428"}], "id": "CVE-2022-2472", "lastModified": "2022-09-19T19:03:50.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2022-09-15T14:15:09.717", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}