{"api_version":"1","generated_at":"2026-04-19T08:30:07+00:00","cve":"CVE-2023-4249","urls":{"html":"https://cve.report/CVE-2023-4249","api":"https://cve.report/api/cve/CVE-2023-4249.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-4249","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-4249"},"summary":{"title":"CVE-2023-4249","description":"** UNSUPPPORTED WHEN ASSIGNED ** Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\nIP Cameras \n\nwith firmware version M2.1.6.05 has a \ncommand injection vulnerability in their implementation of their \nbinaries and handling of network requests.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2023-11-08 23:15:00","updated_at":"2023-11-15 22:31:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03","name":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03","refsource":"","tags":[],"title":"Zavio IP Camera | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-4249","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4249","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"b8220","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"b8220_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"b8520","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"b8520_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cb3211","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cb3211_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cb3212","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cb3212_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cb5220","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cb5220_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cb6231","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cb6231_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cd321","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cd321_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cf7201","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cf7201_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cf7300","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cf7300_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cf7500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cf7500_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"zavio","cpe5":"cf7501","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"4249","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"zavio","cpe5":"cf7501_firmware","cpe6":"m2.1.6.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-4249","ASSIGNER":"ics-cert@hq.dhs.gov","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"** UNSUPPPORTED WHEN ASSIGNED ** Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,\n CB6231, B8520, B8220, and CD321 \n\nIP Cameras \n\nwith firmware version M2.1.6.05 has a \ncommand injection vulnerability in their implementation of their \nbinaries and handling of network requests.\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-121 Stack-Based Buffer Overflow","cweId":"CWE-121"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zavio","product":{"product_data":[{"product_name":"IP Camera CF7500","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CF7300","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CF7201","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CF7501","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CB3211","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CB3212","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CB5220","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CB6231","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera B8520","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera B8220","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}},{"product_name":"IP Camera CD321","version":{"version_data":[{"version_affected":"=","version_value":"version M2.1.6.05"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03","refsource":"MISC","name":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-03"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"advisory":"ICSA-23-304-03","discovery":"EXTERNAL"},"work_around":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">The affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.</span>\n\n<br>"}],"value":"\nThe affected products are end-of-life and have been identified to contain many insecurities. The vendor, Zavio, is no longer actively in business and therefore development for firmware fixes, mitigations, and updates are not available and will not become available. CISA recommends users discontinue use of the product.\n\n\n"}],"credits":[{"lang":"en","value":"Attila Szasz "}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-11-08 23:15:00","lastModifiedDate":"2023-11-15 22:31:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cf7500_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cf7500:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cf7300_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cf7300:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cf7201_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cf7201:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cf7501_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cf7501:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cb3211_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cb3211:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cb3212_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cb3212:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cb5220_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cb5220:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cb6231_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cb6231:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:b8520_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:b8520:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:b8220_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:b8220:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:zavio:cd321_firmware:m2.1.6.05:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:zavio:cd321:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}