Vulnerabilities > Zavio > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-08 CVE-2023-39435 Out-of-bounds Write vulnerability in Zavio products
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows.
network
low complexity
zavio CWE-787
critical
 9.8
9.8
2023-11-08 CVE-2023-3959 Out-of-bounds Write vulnerability in Zavio products
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows.
network
low complexity
zavio CWE-787
critical
 9.8
9.8
2023-11-08 CVE-2023-43755 Out-of-bounds Write vulnerability in Zavio products
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows.
network
low complexity
zavio CWE-787
critical
 9.8
9.8
2023-11-08 CVE-2023-45225 Out-of-bounds Write vulnerability in Zavio products
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras  with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows.
network
low complexity
zavio CWE-787
critical
 9.8
9.8
2023-11-08 CVE-2023-4249 OS Command Injection vulnerability in Zavio products
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests.
network
low complexity
zavio CWE-78
critical
 9.8
9.8
2020-01-29 CVE-2013-2570 OS Command Injection vulnerability in Zavio F3105 Firmware and F312A Firmware
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.
network
low complexity
zavio CWE-78
critical
 9.8
9.8
2020-01-29 CVE-2013-2568 OS Command Injection vulnerability in Zavio F3105 Firmware and F312A Firmware
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
network
low complexity
zavio CWE-78
critical
 9.8
9.8