Cs C6N A0 1C2Wfr Firmware
CVE-2022-2472
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.
AnalysisAI
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-665. Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. Affected products include: Ezviz Cs-C6N-A0-1C2Wfr Firmware. Version information: prior to 5.3.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Cs C6N A0 1C2Wfr Firmware
View allStack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-
An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 2023040
Same weakness CWE-665 – Improper Initialization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today