CVE-2022-2471

Summary

CVE	CVE-2022-2471
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-15 14:15:00 UTC
Updated	2022-09-20 18:48:00 UTC
Description	Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.

Risk And Classification

Problem Types: CWE-121

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Ezviz	Cs-c3w-a0-3h4wfrl	-	All	All	All
Operating System	Ezviz	Cs-c3w-a0-3h4wfrl Firmware	5.3.5	build220120	All	All
Hardware	Ezviz	Cs-c6n-a0-1c2wfr	-	All	All	All
Operating System	Ezviz	Cs-c6n-a0-1c2wfr Firmware	5.3.0	build201719	All	All
Hardware	Ezviz	Cs-c6n-b0-1g2wf	-	All	All	All
Operating System	Ezviz	Cs-c6n-b0-1g2wf Firmware	5.3.0	build210731	All	All
Hardware	Ezviz	Cs-cv248	-	All	All	All
Operating System	Ezviz	Cs-cv248 Firmware	5.2.1	build180403	All	All
Hardware	Ezviz	Cs-db1c-a0-1e2w2fr	-	All	All	All
Operating System	Ezviz	Cs-db1c-a0-1e2w2fr Firmware	5.3.0	build211208	All	All

References

Reference	Source	Link	Tags
Vulnerabilities Identified in EZVIZ Smart Cams	MISC	www.bitdefender.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Bitdefender Labs

There are currently no legacy QID mappings associated with this CVE.