<< Return to Security Response Center
Notice Released By: EZVIZ Security Team
Initial Release Date: 2022-09-14
Vulnerabilities & Affected Versions:
Some EZVIZ products have been affected by the following security vulnerabilities:
[1] Stack-Based Buffer Overflow Vulnerability (CVE-2022-2471)
[2] Improper Memory Initialization Vulnerability (CVE-2022-2472)
Affected Product Models | Related Vulnerabilities | Affected Versions |
CS-CV248 | [1]; | Versions below V5.2.3 build 220725 |
CS-C6N-A0-1C2WFR | [1]; [2] | Versions below V5.3.0 build 220428 |
CS-DB1C-A0-1E2W2FR | [1] | Versions below V5.3.0 build 220802 |
CS-C6N-B0-1G2WF | [1] | Versions below V5.3.0 build 220712 |
CS-C3W-A0-3H4WFRL | [1] | Versions below V5.3.5 build 220723 |
EZVIZ Cloud API Vulnerabilities:
[3] Insecure Direct Object Reference Vulnerability in three API endpoints
Fix Progress:
The reported vulnerabilities [1] and [2] have been patched in the latest EZVIZ firmware, which has been released to the affected users for firmware update via the EZVIZ App. The reported vulnerability [3] has been fixed on the cloud platform.
Completing Device Firmware Upgrade:
For users with affected device, they can complete the firmware upgrade via their EZVIZ App on the specific device page to fix the vulnerabilities. Users should have received an upgrade push notification and are able to follow the instruction on the update page to complete the upgrade properly.
Source of Vulnerability Information:
The vulnerabilities were reported to EZVIZ Security Team by BitDefender.
Contact Us:
If you believe you have discovered a security vulnerability, please report it to EZVIZ at security@ezvizlife.com.
EZVIZ would like to thank all security researchers and professionals who help test, identify and mitigate potential vulnerabilities in EZVIZ products, to make sure we continue to respectfully protect people and homes.