CVE-2024-6249
CVSS 3.0 Score 8.8 of 10 (high)
Details
Published Nov 22, 2024
CWE ID 121
Summary
CVE-2024-6249 is a newly disclosed vulnerability affecting Wyze Cam v3 IP cameras. This issue is a stack-based buffer overflow vulnerability in the TUTK P2P library, which allows network-adjacent attackers to execute arbitrary code on affected installations without requiring authentication. The root cause of this flaw is the lack of proper validation of user-supplied data length prior to copying it into a fixed-length buffer. Attackers can exploit this vulnerability to execute code in the context of root, as identified in ZDI-CAN-22419.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Wyze Cam v3
Affected Vendors
- Wyze