CVE-2023-34551

8.0 HIGH

📋 TL;DR

This vulnerability allows an authenticated attacker on the same local network as affected EZVIZ security cameras to execute arbitrary code via stack buffer overflows in the network configuration function. The attacker must have valid credentials and local network access to exploit the flaw. This affects multiple EZVIZ camera models with outdated firmware.

💻 Affected Systems

Products:
  • EZVIZ CS-C6N-B0-1G2WF
  • EZVIZ CS-C6N-R101-1G2WF
  • EZVIZ CS-CV310-A0-1B2WFR
  • EZVIZ CS-CV310-A0-1C2WFR-C
  • EZVIZ CS-C6N-A0-1C2WFR-MUL
  • EZVIZ CS-CV310-A0-3C2WFRL-1080p
  • EZVIZ CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p
  • EZVIZ CS-CV248-A0-32WMFR
  • EZVIZ LC1C
Versions: Firmware versions before those specified in CVE description (varies by model, generally before V5.3.x builds from February/March 2023)
Operating Systems: Embedded camera firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected devices with default configurations are vulnerable. Authentication is required but default credentials may be used if not changed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the camera device leading to persistent access, lateral movement to other network devices, data exfiltration, or participation in botnets.

🟠 Likely Case

Unauthorized access to camera feeds, device manipulation, or denial of service against the camera.

🟢 If Mitigated

Limited impact due to network segmentation and strong authentication controls preventing attacker access.

🌐 Internet-Facing: LOW - Exploitation requires local network access; the cameras are not directly reachable from the internet unless they are exposed via port forwarding.
🏢 Internal Only: HIGH - Attackers with network access and valid credentials can achieve remote code execution on vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access to the camera's network services and knowledge of the vulnerable function. Stack buffer overflows typically require some exploitation skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by model - see CVE description for specific fixed versions (generally V5.3.0 or V5.3.2 builds from February/March 2023)

Vendor Advisory: https://www.ezviz.com/data-security/security-notice/detail/827

Restart Required: Yes

Instructions:

1. Log into EZVIZ camera web interface or mobile app.
2. Navigate to Settings > System > Firmware Update.
3. Check for available updates.
4. If no update appears, download latest firmware from EZVIZ website.
5. Upload firmware file manually.
6. Camera will restart automatically after update.

🔧 Temporary Workarounds

Network Segmentation

Isolate cameras on separate VLAN without internet access

Access Control

Change default credentials and implement strong authentication

🧯 If You Can't Patch

  • Segment cameras on isolated network without internet access
  • Implement strict firewall rules to limit camera communication to necessary services only

🔍 How to Verify

Check if Vulnerable:

Check firmware version in camera web interface or mobile app against affected versions listed in CVE

Check Version:

No universal command - check via camera web interface or mobile app settings

Verify Fix Applied:

Confirm firmware version matches or exceeds patched versions specified in CVE description

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by network configuration changes
  • Unusual process execution on camera device

Network Indicators:

  • Unusual network traffic to/from camera on non-standard ports
  • Multiple connection attempts to camera management interface

SIEM Query:

source="camera_logs" AND (event="authentication_failure" OR event="config_change") | stats count by src_ip
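
The first log indicator above is an ordered sequence (failed logins, then a configuration change from the same source), which a per-IP event count does not capture on its own. The following is an added example, not part of the original advisory, that correlates the two in order; the key=value log format, the sample lines and the thresholds are constructed assumptions, and only the `event` values and the `src_ip` field name come from the query above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in a hypothetical key=value format.
# Real camera, NVR or firewall logs will differ and need their own parser.
SAMPLE_LOGS = """\
2023-06-01T10:00:01 src_ip=192.0.2.10 event=authentication_failure
2023-06-01T10:00:03 src_ip=192.0.2.10 event=authentication_failure
2023-06-01T10:00:05 src_ip=192.0.2.10 event=authentication_failure
2023-06-01T10:00:09 src_ip=192.0.2.10 event=authentication_success
2023-06-01T10:00:20 src_ip=192.0.2.10 event=config_change
2023-06-01T10:05:00 src_ip=192.0.2.20 event=authentication_failure
2023-06-01T11:30:00 src_ip=192.0.2.20 event=config_change
2023-06-01T12:00:00 src_ip=192.0.2.30 event=config_change
not a log line
"""

LINE_RE = re.compile(r"^(\S+) src_ip=(\S+) event=(\w+)$")

def find_suspicious_changes(text, min_failures=3, window_s=600):
    """Return (src_ip, time, failures) for every config_change preceded by at
    least min_failures authentication failures from the same src_ip within
    window_s seconds. Assumes the input is sorted by timestamp."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip malformed lines instead of crashing
        try:
            ts = datetime.fromisoformat(m.group(1))
        except ValueError:
            continue                # unparseable timestamp
        ip, event = m.group(2), m.group(3)
        recent = failures[ip]
        while recent and (ts - recent[0]).total_seconds() > window_s:
            recent.popleft()        # expire failures older than the window
        if event == "authentication_failure":
            recent.append(ts)
        elif event == "config_change" and len(recent) >= min_failures:
            alerts.append((ip, ts.isoformat(), len(recent)))
            recent.clear()          # one alert per burst of failures
    return alerts

if __name__ == "__main__":
    for ip, when, n in find_suspicious_changes(SAMPLE_LOGS):
        print(f"ALERT {ip}: config_change at {when} after {n} failed logins")
```

A configuration change with no preceding failures (192.0.2.30) or with failures outside the window (192.0.2.20) is not flagged, which keeps routine administration out of the alert queue.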
