CVE-2024-6248
CVSS 3.0 Score 7.5 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 287
Summary
CVE-2024-6248 is a remote code execution vulnerability impacting Wyze Cam v3 IP cameras. The issue resides in the cloud infrastructure's run_action_batch endpoint and arises from the use of the device's MAC address as the sole authentication credential. Attackers can exploit this vulnerability without authenticating, leading to arbitrary code execution in the context of root. This vulnerability, identified as ZDI-CAN-22393, can be exploited by network-adjacent attackers and poses a significant risk to organizations using Wyze Cam v3 IP cameras.
Affected Products
- Wyze Cam v3
Affected Vendors
- Wyze