This vulnerability in EZVIZ APP versions prior to iOS 7.3.1 and Android 7.3.0.0210 involves legacy cloud feature modules using outdated API interfaces that do not adequately protect data in transit. The weakness corresponds to CWE-319 (Cleartext Transmission of Sensitive Information), allowing attackers with network access to eavesdrop on communications and potentially obtain sensitive data. The CVSS 3.1 base score is 5.3, reflecting a medium severity with attack vector as adjacent network, high attack complexity, no privileges required, no user interaction, and impact limited to confidentiality.

The vulnerability allows attackers on the same or adjacent network to intercept and access sensitive data transmitted by the affected EZVIZ APP versions. There is no impact on integrity or availability reported. The confidentiality of user data, including potentially video streams or related information, is at risk if the app is not updated and video encryption is not enabled.

Users should upgrade the EZVIZ APP to versions 7.3.1 or later on iOS and 7.3.0.0210 or later on Android, where this vulnerability is addressed. Additionally, enabling the video encryption feature is recommended to protect data transmission. Since no official patch or vendor advisory is provided in the input, patch status is not explicitly confirmed; users should verify with EZVIZ for the latest remediation guidance.