PatchSiren cyber security CVE debrief
CVE-2023-34873 Mobotix CVE debrief
A high-severity authenticated remote code execution vulnerability exists in the tcpdump feature of Mobotix P3 and Mx6 camera firmware. The vulnerability stems from improper input validation in the tcpdump functionality, allowing authenticated attackers to execute arbitrary code on affected devices. CISA published advisory ICSA-24-235-03 on August 22, 2024, documenting this issue with a CVSS 3.1 score of 8.8. The vulnerability requires low attack complexity and network access, with low privileges required for exploitation. Affected products include multiple P3 camera models running firmware versions MX-V4.0.1.15 through MX-V4.1.6.27, and Mx6 camera models. Vendor fixes are available: P3 cameras should be updated to firmware MX-V4.7.2.18 or later, while Mx6 cameras require MX-V5.2.0.61 or later. Camera restart is required after firmware installation.
- Vendor: Mobotix
- Product: P3
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-08-22
- Original CVE updated: 2024-08-22
- Advisory published: 2024-08-22
- Advisory updated: 2024-08-22
Who should care
Organizations deploying Mobotix P3 or Mx6 surveillance cameras in critical infrastructure, enterprise security, or industrial environments. Security teams responsible for IoT/OT device management and firmware maintenance.
Technical summary
The tcpdump feature in Mobotix P3 and Mx6 camera firmware fails to properly validate user input, enabling authenticated remote code execution. The vulnerability is exploitable over the network with low attack complexity and requires authenticated access. Affected firmware versions span multiple releases in the MX-V4.0.x and MX-V4.1.x branches for P3 cameras. Vendor-supplied firmware updates address the input validation deficiency.
Defensive priority
HIGH
Recommended defensive actions
- Update P3 cameras to firmware MX-V4.7.2.18 or later per vendor guidance
- Update Mx6 cameras to firmware MX-V5.2.0.61 or later per vendor guidance
- Restart cameras after firmware update to complete remediation
- Restrict network access to camera management interfaces to authorized administrators only
- Monitor for unauthorized access attempts to camera tcpdump functionality
- Apply defense-in-depth practices for industrial control systems per CISA guidance
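An added example, not taken from the CISA advisory or from Mobotix tooling: a Python triage of a camera inventory against the fixed firmware versions listed above. The inventory layout, hostnames and status labels are assumptions made for illustration.

```python
import re

# Fixed firmware versions as stated in the advisory summary on this page.
FIXED = {"P3": (4, 7, 2, 18), "Mx6": (5, 2, 0, 61)}
# Affected range the page lists explicitly (P3 only; no Mx6 range is given).
LISTED_AFFECTED = {"P3": ((4, 0, 1, 15), (4, 1, 6, 27))}

_VERSION = re.compile(r"^MX-V(\d+)\.(\d+)\.(\d+)\.(\d+)$", re.IGNORECASE)


def parse_firmware(text):
    """Return the firmware version as a 4-tuple of ints, or None if malformed."""
    match = _VERSION.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def triage(family, firmware):
    """Classify one camera: fixed, listed_affected, below_fixed or unknown."""
    version = parse_firmware(firmware)
    if family not in FIXED or version is None:
        return "unknown"  # review by hand rather than assume it is safe
    if version >= FIXED[family]:
        return "fixed"
    low, high = LISTED_AFFECTED.get(family, (None, None))
    if low is not None and low <= version <= high:
        return "listed_affected"
    return "below_fixed"  # older than the fix, outside the listed range


def report(inventory):
    """Map each (host, family, firmware) row to (host, status)."""
    return [(host, triage(family, fw)) for host, family, fw in inventory]


# Constructed sample inventory (hostnames and rows are made up for illustration).
SAMPLE = [
    ("cam-lobby", "P3", "MX-V4.1.6.27"),
    ("cam-dock", "P3", "MX-V4.7.2.18"),
    ("cam-gate", "P3", "MX-V4.4.2.34"),
    ("cam-roof", "Mx6", "MX-V5.2.0.60"),
    ("cam-lab", "Mx6", "5.2.0.61-beta"),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE):
        print(f"{host:10} {status}")
```

Rows reported as unknown should be checked manually; a version string that does not parse is not evidence that the camera is patched.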
Evidence notes
CVE published 2024-08-22. CISA advisory ICSA-24-235-03 published same date. Vendor fix details and affected product enumeration sourced from CISA CSAF document. CVSS vector confirms network attack vector with low complexity and authenticated access requirement.
Official resources
- CVE-2023-34873 CVE record (CVE.org)
- CVE-2023-34873 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-08-22