Search criteria

2 vulnerabilities found for EZVIZ APP by EZVIZ

CVE-2026-32683 (GCVE-0-2026-32683)

Vulnerability from nvd – Published: 2026-05-09 08:29 – Updated: 2026-05-12 22:31
VLAI?
Summary
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
EZVIZ EZVIZ APP Affected: iOS: Versions prior to 7.3.1
Affected: Android: Versions prior to 7.3.0.0210
Create a notification for this product.
Credits
Cisco Talos
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T17:29:08.128087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-319",
                "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T22:31:10.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EZVIZ APP",
          "vendor": "EZVIZ",
          "versions": [
            {
              "status": "affected",
              "version": "iOS: Versions prior to 7.3.1"
            },
            {
              "status": "affected",
              "version": "Android: Versions prior to 7.3.0.0210"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cisco Talos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-09T08:29:09.821Z",
        "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "shortName": "hikvision"
      },
      "references": [
        {
          "url": "https://www.ezviz.com/inter/trust-center/security/security-notice/2026.05.08"
        },
        {
          "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-cloud-function-modules-of-some-hikvisi/"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
    "assignerShortName": "hikvision",
    "cveId": "CVE-2026-32683",
    "datePublished": "2026-05-09T08:29:09.821Z",
    "dateReserved": "2026-03-13T07:45:08.744Z",
    "dateUpdated": "2026-05-12T22:31:10.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32683 (GCVE-0-2026-32683)

Vulnerability from cvelistv5 – Published: 2026-05-09 08:29 – Updated: 2026-05-12 22:31
VLAI?
Summary
Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
EZVIZ EZVIZ APP Affected: iOS: Versions prior to 7.3.1
Affected: Android: Versions prior to 7.3.0.0210
Create a notification for this product.
Credits
Cisco Talos
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-11T17:29:08.128087Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-319",
                "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T22:31:10.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EZVIZ APP",
          "vendor": "EZVIZ",
          "versions": [
            {
              "status": "affected",
              "version": "iOS: Versions prior to 7.3.1"
            },
            {
              "status": "affected",
              "version": "Android: Versions prior to 7.3.0.0210"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Cisco Talos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-09T08:29:09.821Z",
        "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "shortName": "hikvision"
      },
      "references": [
        {
          "url": "https://www.ezviz.com/inter/trust-center/security/security-notice/2026.05.08"
        },
        {
          "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-cloud-function-modules-of-some-hikvisi/"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
    "assignerShortName": "hikvision",
    "cveId": "CVE-2026-32683",
    "datePublished": "2026-05-09T08:29:09.821Z",
    "dateReserved": "2026-03-13T07:45:08.744Z",
    "dateUpdated": "2026-05-12T22:31:10.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}