VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 1, 2023· Updated Oct 21, 2024

CVE-2023-34551

CVE-2023-34551

Description

Two stack buffer overflows in EZVIZ camera SDK's netClientSetWlanCfg function allow authenticated local network attackers to achieve remote code execution on multiple models.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Two stack buffer overflows in EZVIZ camera SDK's netClientSetWlanCfg function allow authenticated local network attackers to achieve remote code execution on multiple models.

Vulnerability

Two stack buffer overflow vulnerabilities exist in the netClientSetWlanCfg function of the EZVIZ SDK command server in several EZVIZ camera models. The affected products include CS-C6N-B0-1G2WF (firmware before V5.3.0 build 230215), CS-C6N-R101-1G2WF (before V5.3.0 build 230215), CS-CV310-A0-1B2WFR (before V5.3.0 build 230221), CS-CV310-A0-1C2WFR-C (before V5.3.2 build 230221), CS-C6N-A0-1C2WFR-MUL (before V5.3.2 build 230218), CS-CV310-A0-3C2WFRL-1080p (before V5.2.7 build 230302), CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p (before V5.3.2 build 230214), CS-CV248-A0-32WMFR (before V5.2.3 build 230217), and EZVIZ LC1C (before V5.3.4 build 230214). The vulnerability is triggered when processing crafted wireless configuration commands. [2]

Exploitation

An attacker must be on the same local network as the vulnerable camera and have authenticated access to the camera's SDK command server. By sending a specially crafted packet to the netClientSetWlanCfg function, the attacker can trigger a stack buffer overflow, leading to arbitrary code execution. The exact attack vector is network-based. [2]

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary code on the target camera with the privileges of the SDK command server process (typically root). This results in full compromise of the device, including the ability to view video feeds, modify settings, and pivot to other devices on the local network. [2]

Mitigation

The vendor, EZVIZ, has released firmware updates that address these vulnerabilities. Users should upgrade to the following fixed versions or later: CS-C6N-B0-1G2WF to V5.3.0 build 230215, CS-C6N-R101-1G2WF to V5.3.0 build 230215, CS-CV310-A0-1B2WFR to V5.3.0 build 230221, CS-CV310-A0-1C2WFR-C to V5.3.2 build 230221, CS-C6N-A0-1C2WFR-MUL to V5.3.2 build 230218, CS-CV310-A0-3C2WFRL-1080p to V5.2.7 build 230302, CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p to V5.3.2 build 230214, CS-CV248-A0-32WMFR to V5.2.3 build 230217, and EZVIZ LC1C to V5.3.4 build 230214. No workaround is available. [2]

References
  1. EZVIZ - Creating Easy Smart Homes

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • EZVIZ/EZVIZ productsdescription
  • EZVIZ/EZVIZllm-fuzzy
    Range: <V5.3.0 build 230215

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

2

News mentions

0

No linked articles in our index yet.