Vulnerabilities > Ezviz
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-04 | CVE-2023-41613 | Uncontrolled Search Path Element vulnerability in Ezviz Studio 2.2.0 EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | 7.8 |
2023-11-28 | CVE-2023-48121 | Improper Authentication vulnerability in Ezviz products An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.x build 20230401 allows remote attackers to obtain sensitive information by sending crafted messages to the affected devices. | 5.3 |
2023-08-01 | CVE-2023-34551 | Out-of-bounds Write vulnerability in Ezviz products In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. | 8.0 |
2023-08-01 | CVE-2023-34552 | Out-of-bounds Write vulnerability in Ezviz products In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. | 8.8 |
2022-09-15 | CVE-2022-2471 | Unspecified vulnerability in Ezviz products Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. | 9.8 |
2022-09-15 | CVE-2022-2472 | Unspecified vulnerability in Ezviz Cs-C6N-A0-1C2Wfr Firmware 5.3.0 Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. | 5.5 |