CVE-2024-6247
CVSS 3.0 Score 6.8 of 10 (medium)
Details
Published Nov 22, 2024
CWE ID 78
Summary
CVE-2024-6247 is a remotely exploitable OS command injection vulnerability affecting the Wyze Cam v3 IP cameras. The flaw stems from insufficient validation of user-supplied SSIDs in QR codes, allowing physically present attackers to execute arbitrary code on affected devices without requiring authentication. The vulnerability, identified as ZDI-CAN-22337, can lead to code execution in the context of root.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Wyze Cam v3
Affected Vendors
- Wyze