CVE-2023-6322 : A stack-based buffer overflow vulnerability exists in the message parsing functi

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

Published 2024-05-15 12:08:24

Updated 2025-02-11 21:32:42

Source Bitdefender

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2023-6322

Roku » Indoor Camera Se Firmware
Versions up to, including, (<=) 3.0.2.4679
cpe:2.3:o:roku:indoor_camera_se_firmware:*:*:*:*:*:*:*:*
Matching versions
Roku » Indoor Camera Se Firmware » Version: 3.0.2.4679
cpe:2.3:o:roku:indoor_camera_se_firmware:3.0.2.4679:*:*:*:*:*:*:*
Matching versions
When used together with: Roku » Indoor Camera Se » Version: N/A
Throughtek » Kalay Platform » Version: N/A
cpe:2.3:a:throughtek:kalay_platform:-:*:*:*:*:*:*:*
Matching versions
Wyze » Cam V3 Firmware
Versions up to, including, (<=) 4.36.11.5859
cpe:2.3:o:wyze:cam_v3_firmware:*:*:*:*:*:*:*:*
Matching versions
Wyze » Cam V3 Firmware » Version: 4.36.11.5859
cpe:2.3:o:wyze:cam_v3_firmware:4.36.11.5859:*:*:*:*:*:*:*
Matching versions
When used together with: Wyze » Cam V3 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-6322

EPSS FAQ

0.24%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 47 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6322

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	N/A	N/A	Bitdefender	2024-05-15
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	Bitdefender	2024-05-15
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2025-02-11
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-6322

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Assigned by:
- b3d5ebe7-963e-41fb-98e1-2edaeabb8f82 (Primary)
- cve-requests@bitdefender.com (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-6322

https://bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

Notes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-6322

Products affected by CVE-2023-6322

Exploit prediction scoring system (EPSS) score for CVE-2023-6322

CVSS scores for CVE-2023-6322

CWE ids for CVE-2023-6322

References for CVE-2023-6322