Vulnerabilities > CVE-2023-6322 - Out-of-bounds Write vulnerability in multiple products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

NVD

Published: 2024-05-15

Updated: 2025-02-11

Summary

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Wyze Wyze CAM V3 Firmware 4.36.11.5859	1
OS	Roku Roku Indoor Camera SE Firmware 3.0.2.4679	1
Hardware	Wyze Wyze CAM V3 -	1
Hardware	Roku Roku Indoor Camera SE -	1
Application	Throughtek Throughtek Kalay Platform -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/