Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for EZVIZ APP by EZVIZ

    CVE-2026-32683 (GCVE-0-2026-32683)

    Vulnerability from nvd – Published: 2026-05-09 08:29 – Updated: 2026-05-12 22:31
    VLAI
    Summary
    Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    EZVIZ EZVIZ APP Affected: iOS: Versions prior to 7.3.1
    Affected: Android: Versions prior to 7.3.0.0210
    Create a notification for this product.
    Credits
    Cisco Talos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T17:29:08.128087Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T22:31:10.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EZVIZ APP",
              "vendor": "EZVIZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "iOS: Versions prior to 7.3.1"
                },
                {
                  "status": "affected",
                  "version": "Android: Versions prior to 7.3.0.0210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cisco Talos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T08:29:09.821Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.ezviz.com/inter/trust-center/security/security-notice/2026.05.08"
            },
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-cloud-function-modules-of-some-hikvisi/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2026-32683",
        "datePublished": "2026-05-09T08:29:09.821Z",
        "dateReserved": "2026-03-13T07:45:08.744Z",
        "dateUpdated": "2026-05-12T22:31:10.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32683 (GCVE-0-2026-32683)

    Vulnerability from cvelistv5 – Published: 2026-05-09 08:29 – Updated: 2026-05-12 22:31
    VLAI
    Summary
    Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    EZVIZ EZVIZ APP Affected: iOS: Versions prior to 7.3.1
    Affected: Android: Versions prior to 7.3.0.0210
    Create a notification for this product.
    Credits
    Cisco Talos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T17:29:08.128087Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-319",
                    "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-12T22:31:10.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EZVIZ APP",
              "vendor": "EZVIZ",
              "versions": [
                {
                  "status": "affected",
                  "version": "iOS: Versions prior to 7.3.1"
                },
                {
                  "status": "affected",
                  "version": "Android: Versions prior to 7.3.0.0210"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cisco Talos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T08:29:09.821Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.ezviz.com/inter/trust-center/security/security-notice/2026.05.08"
            },
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerability-in-cloud-function-modules-of-some-hikvisi/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2026-32683",
        "datePublished": "2026-05-09T08:29:09.821Z",
        "dateReserved": "2026-03-13T07:45:08.744Z",
        "dateUpdated": "2026-05-12T22:31:10.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }