CVE-2024-6247

CVSS 3.0 Score 6.8 of 10 (medium)

Details

Published Nov 22, 2024
CWE ID 78

Summary

CVE-2024-6247 is a remotely exploitable OS command injection vulnerability affecting the Wyze Cam v3 IP cameras. The flaw stems from insufficient validation of user-supplied SSIDs in QR codes, allowing physically present attackers to execute arbitrary code on affected devices without requiring authentication. The vulnerability, identified as ZDI-CAN-22337, can lead to code execution in the context of root.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share