LiveActive security incident?Get immediate response
CVE archive

August 2023

Browse CVE records published in August 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2311 matching CVEs · Page 1 of 47.

Critical · CVSS 9.8

CVE-2023-39809: N.V.K.INTER CO., LTD.

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain an OS command injection vulnerability via shell metacharacters in the system_hostname parameter at /manage/network-basic.php.

Published Aug 21, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-39808: N.V.K.INTER CO., LTD.

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password that allows attackers to login with root privileges via the SSH service. The cleartext password corresponding to the $1$4Tmm01jl$7HRvcW.bz7uGmX9hiQWvR hash was not determined by the vulnerability discoverer.

Published Aug 21, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-39807: N.V.K.INTER CO., LTD.

N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.

Published Aug 21, 2023 · Updated Jul 9, 2026

High · CVSS 7.5

CVE-2023-38952: Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their pr...

Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints.

Published Aug 3, 2023 · Updated Jul 9, 2026

Critical · CVSS 9.8

CVE-2023-38951: ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or...

ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.

Published Aug 3, 2023 · Updated Jul 9, 2026

Medium · CVSS 4

CVE-2023-34552: In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_...

In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.

Published Aug 1, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-34551: In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK comm...

In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).

Published Aug 1, 2023 · Updated Jul 9, 2026