Critical Vulnerability Found in Zavio IP Cameras – Update Firmware Now

CVE: CVE-2023-43755
CVSS v3.1: 9.8
Source: CVE-2023-43755

Security researchers have discovered a serious vulnerability in Zavio IP cameras that could allow remote hackers to take control of devices.

The vulnerability affects several Zavio camera models running a specific outdated firmware version. It is caused by how the cameras handle XML requests from the network – they do not properly check the size of data received, which can lead to a buffer overflow.

Buffer overflows occur when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. This can corrupt memory and allow attackers to execute malicious code. In this case, a hacker could send a specially crafted XML request to exploit the vulnerability and take full control of the affected camera.
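The bug class described above, shown as an added example in C with the unchecked copy beside a hardened version. This is not code from the Zavio firmware; the `name` element, the 32-byte buffer, and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32  /* assumed size of the fixed destination buffer */

/* Locate the text between <tag> and </tag>; returns 0 and sets *val and *len. */
static int find_value(const char *xml, const char *tag, const char **val, size_t *len)
{
    char open[64], close[64];
    if (strlen(tag) > sizeof(open) - 4) return -1;
    snprintf(open, sizeof(open), "<%s>", tag);
    snprintf(close, sizeof(close), "</%s>", tag);
    const char *start = strstr(xml, open);
    if (!start) return -1;
    start += strlen(open);
    const char *end = strstr(start, close);
    if (!end) return -1;
    *val = start;
    *len = (size_t)(end - start);
    return 0;
}

/* Bug pattern: the copy length comes from the request and is never
   compared with the size of the destination buffer. */
int get_name_unchecked(const char *xml, char out[NAME_CAP])
{
    const char *val; size_t len;
    if (find_value(xml, "name", &val, &len) != 0) return -1;
    memcpy(out, val, len);      /* writes past out[] when len >= NAME_CAP */
    out[len] = '\0';
    return 0;
}

/* Hardened form: reject any value that does not fit with its terminator. */
int get_name_checked(const char *xml, char *out, size_t out_cap)
{
    const char *val; size_t len;
    if (find_value(xml, "name", &val, &len) != 0) return -1;
    if (len >= out_cap) return -2;  /* oversized field: refuse the request */
    memcpy(out, val, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char name[NAME_CAP];
    const char *req = "<req><name>lobby-cam</name></req>";  /* constructed sample */
    int rc = get_name_checked(req, name, sizeof name);
    printf("rc=%d name=%s\n", rc, rc == 0 ? name : "(rejected)");
    return rc != 0;
}
```

The hardened function returns an error for an oversized field instead of truncating it, so the caller can drop and log the request.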

Once an attacker gains remote code execution on the camera, they would be able to view and download any footage, modify settings, and use the camera as part of a botnet to launch other attacks. As IP cameras are often used for surveillance purposes, this poses serious privacy and security risks.

The good news is there is an easy fix – users simply need to update their Zavio camera firmware to the latest version, which patches this vulnerability. We recommend checking for and installing any available updates immediately. It’s also advisable to change default credentials if you haven’t already. Taking these simple steps will help protect your security camera from remote exploitation.
