CVE-2022-2472 - Vulnerability Details - OpenCVE

Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00209.

Key SSVC decision points have not yet been added.

Vendors	Products
Ezviz	Cs-c6n-a0-1c2wfr Cs-c6n-a0-1c2wfr Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build220428:*:*:*:*:*:*

cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34731	Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.

Fixes

Solution

A firmware update to version 5.3.0 build 220428 or higher fixes the issue.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00041}`	epss `{'score': 0.00043}`

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-09-15T13:20:11.708721Z

Updated: 2024-09-17T03:03:45.761Z

Reserved: 2022-07-19T00:00:00

Link: CVE-2022-2472

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-15T14:15:09.717

Modified: 2024-11-21T07:01:03.663

Link: CVE-2022-2472

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "CS-C6N-A0-1C2WFR", "vendor": "EZVIZ", "versions": [{"lessThan": "5.3.0 build 220428", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bitdefender Labs"}], "datePublic": "2022-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-665", "description": "CWE-665 Improper Initialization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T13:20:11", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}], "solutions": [{"lang": "en", "value": "A firmware update to version 5.3.0 build 220428 or higher fixes the issue."}], "source": {"discovery": "EXTERNAL"}, "title": "Improper Initialization vulnerability in local server authentication logic", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-09-15T13:00:00.000Z", "ID": "CVE-2022-2472", "STATE": "PUBLIC", "TITLE": "Improper Initialization vulnerability in local server authentication logic"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CS-C6N-A0-1C2WFR", "version": {"version_data": [{"version_affected": "<", "version_value": "5.3.0 build 220428"}]}}]}, "vendor_name": "EZVIZ"}]}}, "credit": [{"lang": "eng", "value": "Bitdefender Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-665 Improper Initialization"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams", "refsource": "MISC", "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}]}, "solution": [{"lang": "en", "value": "A firmware update to version 5.3.0 build 220428 or higher fixes the issue."}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:08.014Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}]}]}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2022-2472", "datePublished": "2022-09-15T13:20:11.708721Z", "dateReserved": "2022-07-19T00:00:00", "dateUpdated": "2024-09-17T03:03:45.761Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ezviz:cs-c6n-a0-1c2wfr_firmware:5.3.0:build220428:*:*:*:*:*:*", "matchCriteriaId": "A23F9515-7B4F-4674-98E7-9A03FDD7FC83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ezviz:cs-c6n-a0-1c2wfr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F7B9244-BE9E-4F6F-99E3-A08B46C4559E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428."}, {"lang": "es", "value": "Una vulnerabilidad de inicializaci\u00f3n inapropiada en el componente del servidor local de EZVIZ CS-C6N-A0-1C2WFR, permite a un atacante local leer el contenido del espacio de memoria que contiene la contrase\u00f1a de administrador cifrada. Este problema afecta a: EZVIZ CS-C6N-A0-1C2WFR versiones anteriores a 5.3.0 build 220428"}], "id": "CVE-2022-2472", "lastModified": "2024-11-21T07:01:03.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "cve-requests@bitdefender.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-15T14:15:09.717", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}