CVE-2024-37066

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:23

Type Values Removed Values Added
References () https://forums.wyze.com/t/security-advisory/289256 - Vendor Advisory () https://forums.wyze.com/t/security-advisory/289256 - Vendor Advisory
References () https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/ - Exploit, Third Party Advisory () https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 6.8

22 Aug 2024, 18:22

Type Values Removed Values Added
CPE cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*
cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*
References () https://forums.wyze.com/t/security-advisory/289256 - () https://forums.wyze.com/t/security-advisory/289256 - Vendor Advisory
References () https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/ - () https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/ - Exploit, Third Party Advisory
First Time Wyze cam V4
Wyze
Wyze cam V4 Firmware
Summary
  • (es) Existe una vulnerabilidad de inyección de comandos en las versiones de firmware Wyze V4 Pro anteriores a la 4.50.4.9222, que permite a los atacantes ejecutar comandos arbitrarios a través de Bluetooth como root durante el proceso de configuración de la cámara.
CVSS v2 : unknown
v3 : 6.8
v2 : unknown
v3 : 8.8

19 Jul 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-19 12:15

Updated : 2024-11-21 09:23


NVD link : CVE-2024-37066

Mitre link : CVE-2024-37066

CVE.ORG link : CVE-2024-37066


JSON object : View

Products Affected

wyze

  • cam_v4
  • cam_v4_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')