Impact
A buffer overflow exists in the dgiot binary of the LSC Smart Indoor IP Camera firmware. The flaw appears when the Time Zone (TZ) parameter from the ONVIF configuration interface is processed. Because the length of this string is not validated before copying into a fixed‑size buffer with an insecure strcpy call, a crafted TZ value can overwrite adjacent memory. This uncontrolled write is a classic CWE‑120 condition that could allow an attacker to alter program flow and execute arbitrary code, thereby compromising the confidentiality, integrity, and availability of the camera system.
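The copy pattern described above, next to a length-checked replacement, as an added example that is not code from the camera firmware. The function names, the 64-byte `TZ_BUF_LEN` and the character allowlist are assumptions made for illustration; the advisory does not state the real buffer size.

```c
#include <stdio.h>
#include <string.h>

#define TZ_BUF_LEN 64  /* assumed; the advisory does not give the real size */

/* Pattern the advisory describes: unbounded copy of the TZ string. */
void set_tz_unsafe(char *dst, const char *tz)
{
    strcpy(dst, tz);  /* CWE-120: writes past dst once strlen(tz) >= its size */
}

/* Assumed allowlist: bytes seen in POSIX TZ strings such as "CET-1CEST,M3.5.0". */
static int tz_char_ok(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || (c != '\0' && strchr("+-:,./<>", c) != NULL);
}

/* Returns 0 on success; -1 if tz is missing, empty, too long for dst or
 * contains unexpected bytes. dst is left unchanged on failure. */
int set_tz_checked(char *dst, size_t dst_len, const char *tz)
{
    size_t n = 0, i;

    if (dst == NULL || dst_len == 0 || tz == NULL)
        return -1;
    while (n < dst_len && tz[n] != '\0')  /* bounded scan of the input */
        n++;
    if (n == 0 || n == dst_len)           /* empty, or no room for the NUL */
        return -1;
    for (i = 0; i < n; i++)
        if (!tz_char_ok((unsigned char)tz[i]))
            return -1;
    memcpy(dst, tz, n);
    dst[n] = '\0';
    return 0;
}

int main(void)
{
    char tz[TZ_BUF_LEN] = "UTC0";
    char oversized[4 * TZ_BUF_LEN];       /* constructed over-long input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("valid: %d\n", set_tz_checked(tz, sizeof tz, "CET-1CEST,M3.5.0,M10.5.0/3"));
    printf("oversized: %d, tz kept as \"%s\"\n", set_tz_checked(tz, sizeof tz, oversized), tz);
    return 0;
}
```

Rejecting the value outright, rather than truncating it, keeps the stored setting in a known state and gives the caller a result to log.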
Affected Systems
The only vendor and product explicitly mentioned is the LSC Smart Indoor IP Camera running firmware version 7.6.32. No other Siemens or third‑party devices are noted, and no later firmware revisions are listed as covered by this advisory.
Risk and Exploitability
The CVSS base score of 7.2 indicates high severity. EPSS information is not available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is remote over the network, likely targeting the ONVIF management endpoint. An attacker with network reach could send a malicious TZ value in an HTTP request to trigger the overflow. While no in-the-wild exploitation has been documented, the vulnerability is theoretically exploitable with modest effort and is the type that can be chained with other camera‑specific weaknesses.