CVE-2023-45225

Zavio IP Camera Stack-Based Buffer Overflow

Description

Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras  with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.

Remediation

Workaround:

  • The affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.

Categories

9.8
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 1.53% Top 20%
Third-Party Advisory cisa.gov
Affected: Zavio IP Camera CF7500
Affected: Zavio IP Camera CF7300
Affected: Zavio IP Camera CF7201
Affected: Zavio IP Camera CF7501
Affected: Zavio IP Camera CB3211
Affected: Zavio IP Camera CB3212
Affected: Zavio IP Camera CB5220
Affected: Zavio IP Camera CB6231
Affected: Zavio IP Camera B8520
Affected: Zavio IP Camera B8220
Affected: Zavio IP Camera CD321
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2023-45225?
CVE-2023-45225 has been scored as a critical severity vulnerability.
How to fix CVE-2023-45225?
As a workaround for remediating CVE-2023-45225: The affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.
Is CVE-2023-45225 being actively exploited in the wild?
It is possible that CVE-2023-45225 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-45225?
CVE-2023-45225 affects Zavio IP Camera CF7500, Zavio IP Camera CF7300, Zavio IP Camera CF7201, Zavio IP Camera CF7501, Zavio IP Camera CB3211, Zavio IP Camera CB3212, Zavio IP Camera CB5220, Zavio IP Camera CB6231, Zavio IP Camera B8520, Zavio IP Camera B8220, Zavio IP Camera CD321.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.