Vulnerabilities > Zavio
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-39435 | Out-of-bounds Write vulnerability in Zavio products Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. | 9.8 |
| 2023-11-08 | CVE-2023-3959 | Out-of-bounds Write vulnerability in Zavio products Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. | 9.8 |
| 2023-11-08 | CVE-2023-43755 | Out-of-bounds Write vulnerability in Zavio products Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. | 9.8 |
| 2023-11-08 | CVE-2023-45225 | Out-of-bounds Write vulnerability in Zavio products Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. | 9.8 |
| 2023-11-08 | CVE-2023-4249 | OS Command Injection vulnerability in Zavio products Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests. | 9.8 |
| 2020-01-29 | CVE-2013-2570 | OS Command Injection vulnerability in Zavio F3105 Firmware and F312A Firmware A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code. | 9.8 |
| 2020-01-29 | CVE-2013-2569 | Improper Authentication vulnerability in Zavio F3105 Firmware and F312A Firmware A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream. | 7.5 |
| 2020-01-29 | CVE-2013-2568 | OS Command Injection vulnerability in Zavio F3105 Firmware and F312A Firmware A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2020-01-29 | CVE-2013-2567 | Use of Hard-coded Credentials vulnerability in Zavio F3105 Firmware and F312A Firmware An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information. | 7.5 |