CVE-2024-6248

CVSS 3.0 Score 7.5 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 287

Summary

CVE-2024-6248 is a remote code execution vulnerability impacting Wyze Cam v3 IP cameras. The issue resides in the cloud infrastructure's run_action_batch endpoint and arises from the use of the device's MAC address as the sole authentication credential. Authentication is not required to exploit this vulnerability, and successful exploitation leads to arbitrary code execution in the context of root. This vulnerability, identified as ZDI-CAN-22393, can be exploited by network-adjacent attackers and poses a significant risk to organizations using Wyze Cam v3 IP cameras.
