CVE-2023-34552 in CS-C6N-B0-1G2WFinfo

Summary

by MITRE • 08/01/2023

In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability identified as CVE-2023-34552 represents a critical security flaw affecting multiple EZVIZ surveillance camera models that implement the SADP multicast protocol for device discovery and configuration. This vulnerability stems from two distinct stack-based buffer overflow conditions located within the mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the firmware implementation. The flaw manifests when the affected devices process incoming multicast packets without proper input validation, creating opportunities for malicious actors to exploit the memory corruption conditions. According to industry standards, this vulnerability maps directly to CWE-121 Stack-based Buffer Overflow, which is classified as a high-risk vulnerability due to its potential for arbitrary code execution.

The attack surface for this vulnerability is particularly concerning as it requires no authentication and can be exploited by adversaries who are simply present on the same local network segment as the vulnerable camera. This network proximity requirement makes the attack vector particularly dangerous in environments where physical security is insufficient or where network segmentation is inadequate. The exploitation process involves crafting specially malformed multicast packets that trigger the buffer overflow conditions in the targeted functions, potentially allowing attackers to overwrite critical memory locations and execute arbitrary code with the privileges of the affected process. The impact extends beyond simple privilege escalation as the vulnerability affects firmware versions spanning multiple product lines including various CS-C6N and CS-CV310 series cameras, indicating a widespread exposure across the EZVIZ product portfolio.

From an operational perspective, the implications of this vulnerability are severe and multifaceted. Successful exploitation could enable attackers to gain complete control over the affected cameras, potentially allowing for persistent backdoor access, data exfiltration, or use of the devices as pivot points for further network reconnaissance and lateral movement. The affected firmware versions suggest that this vulnerability has been present for an extended period, leaving numerous devices exposed in production environments without adequate protection. Network security frameworks such as MITRE ATT&CK taxonomy would categorize this vulnerability under T1071.004 Application Layer Protocol: DNS and T1059.001 Command and Scripting Interpreter: PowerShell, as exploitation would likely involve crafting malicious network traffic and potentially executing commands through the compromised device. The vulnerability's presence in multiple firmware versions indicates that EZVIZ has not adequately addressed this issue across their product line, creating a significant security gap that affects both enterprise and consumer deployments.

The recommended mitigations for CVE-2023-34552 focus on immediate firmware updates to versions that contain patches for the identified buffer overflow conditions. Organizations should prioritize updating all affected EZVIZ devices to firmware versions V5.3.0 or later, depending on the specific model and variant. Network segmentation strategies should be implemented to isolate these devices from untrusted network segments, and network monitoring should be enhanced to detect anomalous multicast traffic patterns that might indicate exploitation attempts. Additionally, access controls should be enforced to ensure that only authorized network entities can communicate with these devices, and regular security assessments should be conducted to identify any other potentially vulnerable networked devices that may be running similar firmware versions. The vulnerability serves as a stark reminder of the importance of firmware security and the need for continuous vulnerability management in IoT and network security infrastructure deployments.

Reservation

06/07/2023

Disclosure

08/01/2023

Moderation

accepted

CPE

ready

EPSS

0.00394

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!