CVE-2023-6322

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/	Exploit Third Party Advisory
https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.5859:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v3:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:roku:indoor_camera_se_firmware:3.0.2.4679:*:*:*:*:*:*:*

cpe:2.3:h:roku:indoor_camera_se:-:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:throughtek:kalay_platform:-:*:*:*:*:*:*:*

History

11 Feb 2025, 21:32

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Roku indoor Camera Se Wyze cam V3 Firmware Throughtek Roku indoor Camera Se Firmware Roku Wyze cam V3 Wyze Throughtek kalay Platform
CPE		cpe:2.3:h:wyze:cam_v3:-:::::::* cpe:2.3:h:roku:indoor_camera_se:-:::::::* cpe:2.3:a:throughtek:kalay_platform:-:::::::* cpe:2.3:o:roku:indoor_camera_se_firmware:3.0.2.4679:::::::* cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.5859:::::::*
References	~~() https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ -~~	() https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/ - Exploit, Third Party Advisory

Information

Published : 2024-05-15 13:15

Updated : 2025-02-11 21:32

NVD link : CVE-2023-6322

Mitre link : CVE-2023-6322

CVE.ORG link : CVE-2023-6322

JSON object : View

Products Affected

roku

indoor_camera_se_firmware
indoor_camera_se

wyze

cam_v3
cam_v3_firmware

throughtek

kalay_platform

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-6322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-05-15T13:15:25.543", "references": [{"url": "https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve-requests@bitdefender.com"}, {"url": "https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad de an\u00e1lisis de mensajes de Roku Indoor Camera SE versi\u00f3n 3.0.2.4679 y Wyze Cam v3 versi\u00f3n 4.36.11.5859. Un mensaje especialmente manipulado puede provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Un atacante puede realizar solicitudes autenticadas para desencadenar esta vulnerabilidad."}], "lastModified": "2025-02-11T21:32:42.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.5859:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FE4DD58-8A90-43ED-B613-AB7D0BBA63A4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C96BD4E4-F38A-4D78-851D-0F879B4D3A16"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:roku:indoor_camera_se_firmware:3.0.2.4679:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B79DA37F-D435-470A-812C-5DB730F91A85"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:roku:indoor_camera_se:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EF28236D-4618-4E8A-A8A5-60DD6104D9CD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:throughtek:kalay_platform:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4176E066-18DF-47D7-8604-2596C2F37EB6"}], "operator": "OR"}]}], "sourceIdentifier": "cve-requests@bitdefender.com"}